Quickly validate Firebase Security Rules

To quickly test your updated Firebase Security Rules in the Firebase console, use the Firebase Rules Simulator.

The Firebase Rules Simulator is a convenient tool to use as you're exploring new behaviors or quickly validating rules as you write them. It displays a message confirming that access was either allowed or denied according to the parameters you set for the simulation.

Use the Firebase Rules Simulator

  1. Open the Firebase console and select your project.
  2. Then, select Database or Storage from the product navigation.
    • Database: Select a database, then click Rules to navigate to the Rules editor.
    • Storage: Click Rules to navigate to the Rules editor.
  3. Once you've made your edits, click Simulator from the editor.
  4. In the Simulator settings, select options for your test, including:
    • Testing reads or writes.
    • A specific Location in your database, as a path.
    • Authentication type — unauthenticated, authenticated anonymous user, or a specific user ID.
    • Document-specific data that your rules specifically reference (for example, if your rules require the presence of a specific field before allowing a write).
  5. Click Run and look for the results in the banner above the editor.

Sample simulator scenario

Test the simulator behavior with the following sample scenario and basic rules.

  1. In the Rules editor, add the following basic rule:

    Cloud Firestore

    service cloud.firestore {
     match /databases/{database}/documents {
       // Allow only authenticated content owners access
       match /some_collection/{document} {
         allow read, write: if request.auth.uid == request.resource.data.author_uid

    Realtime Database

    // These rules grant access to a node matching the authenticated
    // user's ID from the Firebase auth token
    "rules": {
     "users": {
       "$uid": {
         ".read": "$uid === auth.uid",
         ".write": "$uid === auth.uid"


    // Grants a user access to a node matching their user ID
    service firebase.storage {
    match /b/{bucket}/o {
     // Files look like: "user/<UID>/path/to/file.txt"
     match /user/{userId}/{allPaths=**} {
       allow read, write: if request.auth.uid == userId;
  2. Select get from the Simulation type dropdown menu and enter a valid path in the Location field.

  3. Toggle on Authentication and select an authentication type from the Provider drodpdown.

  4. Enter the user ID details and click Run.

The results of the simulation appear at the top of the editor. Depending on the user ID details you entered, you should see a banner confirming the read was either successfully allowed or denied.