8

The title says it all. I want to grant permissions to push new objects to a given list-style database, but I don't want to allow full write permissions. In this possible?

Abe
  • 22,738
  • 26
  • 82
  • 111
  • For a variant of this question, see also http://stackoverflow.com/questions/20779134/firebase-delete-child-with-security-rule-data-exists-on-write/20787137#20787137 – Kato Feb 04 '15 at 19:10

1 Answers1

20

Not sure what "not allow full write permissions" means or that the title does indeed say it all. But let's assume this means you want to be able to add records but not delete or modify them? Making these assumptions, you could simply do a write rule as follows:

// !data.exists(): only push once, no edits
// newData.exists(): cannot delete
".write": "!data.exists()"
Kato
  • 40,352
  • 6
  • 119
  • 149
  • Glad to help! A few of the recipes under firebase.com/docs include examples of security rules that might also give you some good ideas. – Kato Apr 14 '14 at 16:10
  • 2
    Isn't the newData.exists() check unnecessary? If !data.exists() then surely you'd be trying to delete something that isn't there?! – pperrin Feb 04 '15 at 13:12
  • 6
    It does seem superfluous. Why are you shouting?! – Kato Feb 04 '15 at 15:01
  • 1
    Does `".write": "newData.exists()"` mean it is possible to add (allowing duplicates) but not delete? If so what about same without duplicates? – Mikel Mar 07 '17 at 17:21