
I have an application communicating with Cloud Firestore to fetch users' data according to their uid, and it's working fine with the current settings:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write;
    }
  }
}

However, clearly that is not acceptable, as it's public and comes with a warning from Firestore:

Your security rules are defined as public, so anyone can steal, modify, or delete data in your database

The image below shows my current database setup; the collection consists of the unique user uid (hidden for users' privacy). What I would like to accomplish with my Firestore rules is to allow the uid to only access its own collection uid with read and write access.

[Image: Firestore Database Structure]

I tried the rules below, but it failed to access the data:

service cloud.firestore {
  match /database {
    match /{userId} {
      allow read, write;
    }
  }
}

I'd appreciate any help in pointing me to the right way of writing the rules! I read the Firestore guide, but it didn't help at all!

Thanks a lot!

JamesAnd
  • fyi: UIDs are not a private concern. I.e. I can't do anything malicious with your account here on Stack Overflow, despite knowing that your ID here is 3022454. See https://stackoverflow.com/questions/37221760/firebase-is-auth-uid-a-shared-secret – Frank van Puffelen Oct 19 '18 at 00:38

1 Answer

If you want users to read/write documents in their collection, try this:

service cloud.firestore {
  match /databases/{database}/documents {
    // Make sure the uid of the requesting user matches name of the user
    // collection. The wildcard expression {userId} makes the userId variable
    // available in rules.
    match /{userId}/{userDocs} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

If you have nested data, and want users to access all their nested data, try:

service cloud.firestore {
  match /databases/{database}/documents {
    // Make sure the uid of the requesting user matches name of the user
    // collection. The wildcard expression {userId} makes the userId variable
    // available in rules.
    match /{userId}/{userDocs=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

Docs:

Juan Lara
Thanks! That worked perfectly! I used the second option, as I wanted the user to access all their nested data. – JamesAnd Oct 18 '18 at 23:24
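As an added illustration (not part of the question or of Juan Lara's answer, and not Firestore's real rules engine), the JavaScript below is a small model of the path-matching behaviour this thread depends on: every request path begins with /databases/{database}/documents, a {userId} wildcard binds exactly one path segment, and {userDocs=**} binds the remainder of the path. The four rule sets are the ones quoted above, flattened to full patterns; the uids, document paths and the null-auth handling are constructed assumptions for the demonstration.

```javascript
// Added example: a deliberately simplified model of how Firestore security
// rules match a request path and bind wildcards. It is NOT Firestore's own
// rules engine; it only shows why the asker's attempt matched nothing and
// what the single-segment vs. recursive wildcard in the answer changes.

function splitPath(p) {
  return p.split('/').filter(Boolean);
}

// Match one fully expanded rule pattern against a request path.
// Returns the bound wildcard variables on success, or null on no match.
//   {name}    binds exactly one path segment
//   {name=**} binds the rest of the path (this model requires at least one
//             segment, a simplification of the real wildcard semantics)
function matchPattern(pattern, path) {
  const pat = splitPath(pattern);
  const segs = splitPath(path);
  const vars = {};
  for (let i = 0; i < pat.length; i++) {
    const recursive = /^\{(\w+)=\*\*\}$/.exec(pat[i]);
    if (recursive) {
      if (segs.length <= i) return null;
      vars[recursive[1]] = segs.slice(i).join('/');
      return vars;
    }
    if (i >= segs.length) return null;
    const single = /^\{(\w+)\}$/.exec(pat[i]);
    if (single) vars[single[1]] = segs[i];
    else if (pat[i] !== segs[i]) return null;
  }
  return pat.length === segs.length ? vars : null;
}

// A request is allowed if any matching rule's condition grants it.
// `auth` is null for an unauthenticated request; in real rules,
// request.auth.uid on a null auth fails evaluation and the access is denied,
// so the conditions below check for null explicitly.
function isAllowed(rules, auth, path) {
  return rules.some((rule) => {
    const vars = matchPattern(rule.pattern, path);
    return vars !== null && rule.allow(auth, vars);
  });
}

// The nested match blocks from the thread, flattened to full patterns.
const RULES = {
  // Original rules: public, anyone can read and write everything.
  public: [{ pattern: '/databases/{database}/documents/{document=**}', allow: () => true }],
  // The asker's attempt: rooted at /database, which never appears in a
  // request path, so no rule matches and every request is denied.
  askerAttempt: [{ pattern: '/database/{userId}', allow: () => true }],
  // Accepted answer, first variant: only direct documents of the uid collection.
  ownDocs: [{
    pattern: '/databases/{database}/documents/{userId}/{userDocs}',
    allow: (auth, v) => auth !== null && auth.uid === v.userId,
  }],
  // Accepted answer, second variant: the whole subtree under the uid collection.
  ownTree: [{
    pattern: '/databases/{database}/documents/{userId}/{userDocs=**}',
    allow: (auth, v) => auth !== null && auth.uid === v.userId,
  }],
};

// Constructed sample requests (uids and paths are made up for the demo).
const DOC = '/databases/(default)/documents/uidA/profile';
const NESTED = '/databases/(default)/documents/uidA/profile/orders/order1';
const ALICE = { uid: 'uidA' };
const BOB = { uid: 'uidB' };

// Evaluate every rule set against the sample requests; returns a table
// keyed by rule set name, then by case label, with true = allowed.
function evaluateAll() {
  const cases = [
    ['owner, direct doc', ALICE, DOC],
    ['owner, nested doc', ALICE, NESTED],
    ['other user, direct doc', BOB, DOC],
    ['unauthenticated, direct doc', null, DOC],
  ];
  const table = {};
  for (const [name, rules] of Object.entries(RULES)) {
    table[name] = {};
    for (const [label, auth, path] of cases) {
      table[name][label] = isAllowed(rules, auth, path);
    }
  }
  return table;
}

console.table(evaluateAll());
```

Running it with node prints one row per rule set: the public rules allow every case including the unauthenticated one, the asker's attempt denies every case because its first segment `database` never equals `databases`, the first answer variant allows only the owner's direct document (the nested path has more segments than the pattern), and the second variant allows the owner's whole subtree while still denying another uid and an unauthenticated request. Before deploying real rules, confirm the same cases against the Firebase emulator rather than against a model like this one.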