Firebase security rules do not work properly

Question

Firebase security rules do not work properly

I am trying to understand how the structure of security rules works. I have the following rules:

{
    "rules": {
        "level1": { //public info
            ".read": true,
            ".write": true,
            "level2": { //private info
              ".read": false,
              ".write": false
              }
        }
    }
}

then testing with a simulator, I’m expected to have access to level 1, NOT to level 2 ...

but the result was i have r / w access to the levels . How so? Am I missing something?

Thank.

+4

firebase firebase-security

pumpkinzzz Jan 27 '15 at 17:54

source share

1 answer

Frank van Puffelen · Accepted Answer · 2015-01-27T19:10:20+0000

When you grant (read or write) access at the same level, you cannot revoke access at a lower level. See this quote from the Firebase documentation for security :

Cascade Rules
-
Firebase. , . .

Firebase security rules do not work properly

More articles: