How to deny read access to only a particular child node (user) of parent node "users" in firebase real-time database?

ShubhSrivastava
February 7, 2023
74 views
0 votes
2 Answers

My database structure is:

root
    |_users

        |_ user0
        |_ user1  x
        |_ user2
        |_ . . .

I want to deny data read for user1 only.
Means, read with following paths should NOT be denied :

/
/users
/users/user0
/users/user2

I tried this out, but it will not work on data read with /users path

{
    "rules": {
        "$allreferences": {
            ".read":true,
        },
        "users": {
            "$allusers": {
                ".read":" $allusers !== "user1" "
            }
        }
    }
}

Answers

- m7s
- February 7, 2023 at 11:49 am
- 0 votes
0
try to use this code
```
{
  "rules": {
    "users": {
      "user1": {
        ".read": false
      }
    }
  }
}
```
Login or Signup to reply.

- FrankvanPuffelen
- February 7, 2023 at 3:55 pm
- 0 votes
0
You can use a combination of a named rule and a wildcard rule for this:
```
"users": {
    "user1": {
        ".read": false
    },
    "$other": {
        ".read": true
    }
}
```
Note though that you now won’t be able to read directly from /users and will instead have to read each individual user node. This is because any permission you grant on /users would cascade downwards to all child nodes, and there’s no way to implement an exception to this rule.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.