// Allow read/write access on all documents to any user signed in to the applicationservicecloud.firestore{match/databases/{database}/documents{match/{document=**}{allowread,write:ifrequest.auth!=null;}}}
全部拒绝
// Deny read/write access to all users under any conditionsservicecloud.firestore{match/databases/{database}/documents{match/{document=**}{allowread,write:iffalse;}}}
全部允许
// Allow read/write access to all users under any conditions// Warning: **NEVER** use this rule set in production; it allows// anyone to overwrite your entire database.servicecloud.firestore{match/databases/{database}/documents{match/{document=**}{allowread,write:iftrue;}}}
// Set up Firestore in your project directory, creates a .rules filefirebaseinitfirestore// Edit the generated .rules file to your desired security rules// ...// Deploy rules for all configured databasesfirebasedeploy--onlyfirestore
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-25。"],[],[],null,["# Getting started with security rules\n===================================\n\nWith Firestore Security Rules, you can focus on building a great user\nexperience without having to manage infrastructure or write server-side\nauthentication and authorization code.\n\nSecurity rules provide access control and data validation in a simple yet\nexpressive format. To build user-based and role-based access systems that keep your\nusers' data safe, you need to use [Firebase\nAuthentication](https://firebase.google.com/docs/auth/) with Firestore Security Rules.\n| **Note:** The server client libraries bypass all Firestore Security Rules and instead authenticate through [Google Application Default Credentials](https://cloud.google.com/docs/authentication/production). If you're using the server client libraries or the REST or RPC APIs, make sure to set up [Identity and Access Management (IAM) for Firestore](https://cloud.google.com/firestore/docs/security/iam).\n\nSecurity rules version 2\n------------------------\n\nAs of May 2019, version 2 of the Firestore security rules is now\navailable. Version 2 of the rules changes the behavior of [recursive\nwildcards](/firestore/native/docs/security/rules-structure#recursive_wildcards) `{name=**}`. You must use version 2 if you plan to\nuse [collection group queries](../query-data/queries#collection-group-query). You must opt-in to\nversion 2 by making `rules_version = '2';` the first line in your security\nrules: \n\n rules_version = '2';\n service cloud.firestore {\n match /databases/{database}/documents {\n\nWriting rules\n-------------\n\nYou will write and manage Firestore Security Rules tailored to the data model you\ncreate for the default database and each additional database in your project.\n\nAll Firestore Security Rules consist of `match` statements, which identify documents in\nyour database, and `allow` expressions, which control access to those documents: \n\n service cloud.firestore {\n match /databases/{database}/documents {\n match /\u003csome_path\u003e/ {\n allow read, write: if \u003csome_condition\u003e;\n }\n }\n }\n\nEvery database request from a Firestore mobile/web client library is evaluated against\nyour security rules before reading or writing any data. If the rules deny access\nto any of the specified document paths, the entire request fails.\n\nBelow are some examples of basic rule sets. While these rules are valid, they\nare not recommended for production applications: \n\n### Auth required\n\n // Allow read/write access on all documents to any user signed in to the application\n service cloud.firestore {\n match /databases/{database}/documents {\n match /{document=**} {\n allow read, write: if request.auth != null;\n }\n }\n }\n\n### Deny all\n\n // Deny read/write access to all users under any conditions\n service cloud.firestore {\n match /databases/{database}/documents {\n match /{document=**} {\n allow read, write: if false;\n }\n }\n }\n\n### Allow all\n\n // Allow read/write access to all users under any conditions\n // Warning: **NEVER** use this rule set in production; it allows\n // anyone to overwrite your entire database.\n service cloud.firestore {\n match /databases/{database}/documents {\n match /{document=**} {\n allow read, write: if true;\n }\n }\n }\n\nThe `{document=**}` path used in the examples above matches any document in the\nentire database. Continue on to the guide for [structuring security rules](/firestore/native/docs/security/rules-structure) to\nlearn how to match specific data paths and work with hierarchical data.\n\nTesting rules\n-------------\n\nFirestore provides a rules simulator that you can use to test your\nruleset. You can access the simulator from the [**Rules** tab](https://console.firebase.google.com/project/_/firestore/rules) in\nthe Firestore section of the Firebase console.\n\nThe rules simulator lets you simulate authenticated and unauthenticated reads,\nwrites, and deletes. When you simulate an authenticated request, you can build\nand preview authentication tokens from various providers. Simulated requests run\nagainst the ruleset in your editor, not your currently deployed ruleset.\n\nDeploying rules\n---------------\n\nBefore you can start using Firestore from your mobile app, you will need\nto deploy security rules. You can deploy rules in the Firebase console, using\nthe Firebase CLI, or with the Firestore management REST API.\n\nUpdates to Firestore Security Rules can take up to a minute to affect new queries and\nlisteners. However, it can take up to 10 minutes to fully propagate the changes\nand affect any active listeners.\n| **Note:** **When you\n| [deploy security rules using the Firebase CLI](https://firebase.google.com/docs/cli/#deployment),\n| the rules defined in your project directory overwrite any existing rules in the\n| Firebase console.** So, if you choose to define or edit your security rules using the Firebase console, make sure that you also update the rules defined in your project directory.\n\n### Use the Firebase console\n\nTo set up and deploy your first set of rules, for the default database in your\nproject, open the [**Rules** tab](https://console.firebase.google.com/project/_/firestore/rules) in the Firestore\nsection of the Firebase console.\n\nWrite your rules in the online editor, then click **Publish**.\n| **Note:** The Firebase console currently supports deployment of Firestore Security Rules to your project's default database. Future updates will allow you to deploy Rules to additional databases in your project. You can use the [Firebase CLI](#use_the_cli) to work with Rules in your multi-database projects.\n\n### Use the Firebase CLI\n\nYou can also deploy rules using the [Firebase\nCLI](https://firebase.google.com/docs/cli). Using the CLI allows you to keep\nyour rules under version control with your application code and deploy rules as\npart of your existing deployment process. \n\n // Set up Firestore in your project directory, creates a .rules file\n firebase init firestore\n\n // Edit the generated .rules file to your desired security rules\n // ...\n\n // Deploy rules for all configured databases\n firebase deploy --only firestore\n\nNext steps\n----------\n\n- Learn how to [structure security rules](/firestore/native/docs/security/rules-structure).\n- Write [custom security rules conditions](/firestore/native/docs/security/rules-conditions).\n- Read the [security rules reference](https://firebase.google.com/docs/reference/rules/rules)."]]
