Skip to content

Instantly share code, notes, and snippets.

Forked from codediodeio/database.rules.json
Created August 26, 2020 00:34
Show Gist options
  • Save ahsansher/11e832afa2d15d91de90420b9540c0ea to your computer and use it in GitHub Desktop.
Save ahsansher/11e832afa2d15d91de90420b9540c0ea to your computer and use it in GitHub Desktop.
Common Database Rules for Firebase
// No Security
"rules": {
".read": true,
".write": true
// Full security
"rules": {
".read": false,
".write": false
// Only authenticated users can access/write data
"rules": {
".read": "auth != null",
".write": "auth != null"
// Checks auth uid equals database node uid
// In other words, the User can only access their own data
"rules": {
"posts": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
// Validates user is moderator from different database location
"rules": {
"posts": {
"$uid": {
".write": "root.child('users').child('moderator').val() === true"
// Validates string datatype and length range
"rules": {
"posts": {
"$uid": {
".validate": "newData.isString()
&& newData.val().length > 0
&& newData.val().length <= 140"
// Checks presense of child attributes
"rules": {
"posts": {
"$uid": {
".validate": "newData.hasChildren(['username', 'timestamp'])"
// Validates timestamp is not a future value
"rules": {
"posts": {
"$uid": {
"timestamp": {
".validate": "newData.val() <= now"
// Prevents Delete or Update
"rules": {
"posts": {
"$uid": {
".write": "!data.exists()"
// Prevents only Delete
"rules": {
"posts": {
"$uid": {
".write": "newData.exists()"
// Prevents only Update
"rules": {
"posts": {
"$uid": {
".write": "!data.exists() || !newData.exists()"
// Prevents Create and Delete
"rules": {
"posts": {
"$uid": {
".write": "data.exists() && newData.exists()"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment