0

I am trying to filter data from a document in firestore based on a role of a user. Let's consider I have a document named Company which contains data like a name and billing information. I have a user with the role Employee and he should be able to access the name of the Company but not the billing information. A user with the role Admin should be able to see the entire data.

Company Document in collection:

companyId123: {
  name: "Awesome Company",
  creditCard: "12345678"
}

Roles: Different access levels for admins and employees.

Is there anyway to adjust the data available to users based on their roles? What are the best practices?

Louis
  • 79
  • 5

1 Answers1

2

In Firestore, there is no way to enforce that any given user can only partially read some fields in a document. A document read is all or nothing. If you are trying to implement some kind of isolation between field that certain users can or can't see, that data has to be split into multiple documents across multiple collections.

So, if you have a bunch of data about a company that should be public, you could put those fields in documents in a collection called "companies-public". The fields that should be accessible only to privileged users could be in a different collection called "companies-private".

You will have to model the actual data according to your security requirements.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441