// Allow read/write access on all documents to any user signed in to the applicationservicecloud.firestore{match/databases/{database}/documents{match/{document=**}{allowread,write:ifrequest.auth!=null;}}}
全部拒绝
// Deny read/write access to all users under any conditionsservicecloud.firestore{match/databases/{database}/documents{match/{document=**}{allowread,write:iffalse;}}}
全部允许
// Allow read/write access to all users under any conditions// Warning: **NEVER** use this rule set in production; it allows// anyone to overwrite your entire database.servicecloud.firestore{match/databases/{database}/documents{match/{document=**}{allowread,write:iftrue;}}}
// Set up Firestore in your project directory, creates a .rules filefirebaseinitfirestore// Edit the generated .rules file to your desired security rules// ...// Deploy rules for all configured databasesfirebasedeploy--onlyfirestore
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-03。"],[],[],null,["\u003cbr /\u003e\n\nWith Cloud Firestore Security Rules, you can focus on building a great user\nexperience without having to manage infrastructure or write server-side\nauthentication and authorization code.\n\nSecurity rules provide access control and data validation in a simple yet\nexpressive format. To build user-based and role-based access systems that keep your\nusers' data safe, you need to use [Firebase\nAuthentication](https://firebase.google.com/docs/auth/) with Cloud Firestore Security Rules.\n| **Note:** The server client libraries bypass all Cloud Firestore Security Rules and instead authenticate through [Google Application Default Credentials](https://cloud.google.com/docs/authentication/production). If you're using the server client libraries or the REST or RPC APIs, make sure to set up [Identity and Access Management (IAM) for Cloud Firestore](https://cloud.google.com/firestore/docs/security/iam).\n\nSecurity rules version 2\n\nAs of May 2019, version 2 of the Cloud Firestore security rules is now\navailable. Version 2 of the rules changes the behavior of [recursive\nwildcards](/docs/firestore/security/rules-structure#recursive_wildcards) `{name=**}`. You must use version 2 if you plan to\nuse [collection group queries](../query-data/queries#collection-group-query). You must opt-in to\nversion 2 by making `rules_version = '2';` the first line in your security\nrules: \n\n rules_version = '2';\n service cloud.firestore {\n match /databases/{database}/documents {\n\nWriting rules\n\nYou will write and manage Cloud Firestore Security Rules tailored to the data model you\ncreate for the default database and each additional database in your project.\n\nAll Cloud Firestore Security Rules consist of `match` statements, which identify documents in\nyour database, and `allow` expressions, which control access to those documents: \n\n service cloud.firestore {\n match /databases/{database}/documents {\n match /\u003csome_path\u003e/ {\n allow read, write: if \u003csome_condition\u003e;\n }\n }\n }\n\nEvery database request from a Cloud Firestore mobile/web client library is evaluated against\nyour security rules before reading or writing any data. If the rules deny access\nto any of the specified document paths, the entire request fails.\n\nBelow are some examples of basic rule sets. While these rules are valid, they\nare not recommended for production applications: \n\nAuth required \n\n // Allow read/write access on all documents to any user signed in to the application\n service cloud.firestore {\n match /databases/{database}/documents {\n match /{document=**} {\n allow read, write: if request.auth != null;\n }\n }\n }\n\nDeny all \n\n // Deny read/write access to all users under any conditions\n service cloud.firestore {\n match /databases/{database}/documents {\n match /{document=**} {\n allow read, write: if false;\n }\n }\n }\n\nAllow all \n\n // Allow read/write access to all users under any conditions\n // Warning: **NEVER** use this rule set in production; it allows\n // anyone to overwrite your entire database.\n service cloud.firestore {\n match /databases/{database}/documents {\n match /{document=**} {\n allow read, write: if true;\n }\n }\n }\n\nThe `{document=**}` path used in the examples above matches any document in the\nentire database. Continue on to the guide for [structuring security rules](/docs/firestore/security/rules-structure) to\nlearn how to match specific data paths and work with hierarchical data.\n\nTesting rules\n\nCloud Firestore provides a rules simulator that you can use to test your\nruleset. You can access the simulator from the [**Rules** tab](https://console.firebase.google.com/project/_/firestore/rules) in\nthe Cloud Firestore section of the Firebase console.\n\nThe rules simulator lets you simulate authenticated and unauthenticated reads,\nwrites, and deletes. When you simulate an authenticated request, you can build\nand preview authentication tokens from various providers. Simulated requests run\nagainst the ruleset in your editor, not your currently deployed ruleset.\n\nDeploying rules\n\nBefore you can start using Cloud Firestore from your mobile app, you will need\nto deploy security rules. You can deploy rules in the Firebase console, using\nthe Firebase CLI, or with the Cloud Firestore management REST API.\n\nUpdates to Cloud Firestore Security Rules can take up to a minute to affect new queries and\nlisteners. However, it can take up to 10 minutes to fully propagate the changes\nand affect any active listeners.\n| **Note:** **When you\n| [deploy security rules using the Firebase CLI](https://firebase.google.com/docs/cli/#deployment),\n| the rules defined in your project directory overwrite any existing rules in the\n| Firebase console.** So, if you choose to define or edit your security rules using the Firebase console, make sure that you also update the rules defined in your project directory.\n\nUse the Firebase console\n\nTo set up and deploy your first set of rules, for the default database in your\nproject, open the [**Rules** tab](https://console.firebase.google.com/project/_/firestore/rules) in the Cloud Firestore\nsection of the Firebase console.\n\nWrite your rules in the online editor, then click **Publish**.\n| **Note:** The Firebase console currently supports deployment of Cloud Firestore Security Rules to your project's default database. Future updates will allow you to deploy Rules to additional databases in your project. You can use the [Firebase CLI](#use_the_cli) to work with Rules in your multi-database projects.\n\nUse the Firebase CLI\n\nYou can also deploy rules using the [Firebase\nCLI](https://firebase.google.com/docs/cli). Using the CLI allows you to keep\nyour rules under version control with your application code and deploy rules as\npart of your existing deployment process. \n\n // Set up Firestore in your project directory, creates a .rules file\n firebase init firestore\n\n // Edit the generated .rules file to your desired security rules\n // ...\n\n // Deploy rules for all configured databases\n firebase deploy --only firestore\n\nEnhance security for Cloud Storage\n\nYour apps will benefit from the robust database features of Cloud Firestore\nand the file storage and management features of Cloud Storage. Used\ntogether, these products also provide reinforcing app security, since\nCloud Firestore can capture authorization requirements usable by Firebase Security Rules\nfor both products. For more, see the [guide for Cloud Storage](//firebase.google.com/docs/storage/security/rules-conditions#enhance_with_firestore).\n\n\nNext steps\n\n- Learn how to [structure security rules](/docs/firestore/security/rules-structure).\n- Write [custom security rules conditions](/docs/firestore/security/rules-conditions).\n- Read the [security rules reference](https://firebase.google.com/docs/reference/rules/rules)."]]
