Firebase Security Rules roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Firebase Security Rules. To search through all roles and permissions, see the role and permission index.

Firebase Security Rules roles

Role Permissions

Role	Permissions
Firebase Rules Admin (`roles/firebaserules.admin`) Full management of Firebase Rules.	`firebaserules.*` `firebaserules.releases.create` `firebaserules.releases.delete` `firebaserules.releases.get` `firebaserules.releases.getExecutable` `firebaserules.releases.list` `firebaserules.releases.update` `firebaserules.rulesets.create` `firebaserules.rulesets.delete` `firebaserules.rulesets.get` `firebaserules.rulesets.list` `firebaserules.rulesets.test` `resourcemanager.projects.get` `resourcemanager.projects.list`
Firebase Rules Firestore Service Agent (`roles/firebaserules.firestoreServiceAgent`) Grants Firebase Security Rules access to Firestore for providing cross-service Rules. Warning: Do not grant service agent roles to any principals except service agents.	`datastore.entities.get`
Firebase Rules System (`roles/firebaserules.system`) Read/write/list access for Datastore entities and Cloud Storage objects, as well as get/list/publish access for PubSub topics.	`datastore.databases.get` `datastore.entities.*` `datastore.entities.allocateIds` `datastore.entities.create` `datastore.entities.delete` `datastore.entities.get` `datastore.entities.list` `datastore.entities.update` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.publish` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Firebase Rules Viewer (`roles/firebaserules.viewer`) Read-only access on all resources with the ability to test Rulesets.	`firebaserules.releases.get` `firebaserules.releases.list` `firebaserules.rulesets.get` `firebaserules.rulesets.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Firebase Rules Admin

(roles/firebaserules.admin)

Full management of Firebase Rules.

firebaserules.*

firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test

resourcemanager.projects.get

resourcemanager.projects.list

Firebase Rules Firestore Service Agent

(roles/firebaserules.firestoreServiceAgent)

Grants Firebase Security Rules access to Firestore for providing cross-service Rules.

datastore.entities.get

Firebase Rules System

(roles/firebaserules.system)

Read/write/list access for Datastore entities and Cloud Storage objects, as well as get/list/publish access for PubSub topics.

datastore.databases.get

datastore.entities.*

datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update

pubsub.topics.get

pubsub.topics.list

pubsub.topics.publish

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Firebase Rules Viewer

(roles/firebaserules.viewer)

Read-only access on all resources with the ability to test Rulesets.

firebaserules.releases.get

firebaserules.releases.list

firebaserules.rulesets.get

firebaserules.rulesets.list

resourcemanager.projects.get

resourcemanager.projects.list

Firebase Security Rules permissions

Permission	Included in roles
`firebaserules.releases.create`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Rules Admin (`roles/firebaserules.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`firebaserules.releases.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Rules Admin (`roles/firebaserules.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`firebaserules.releases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`firebaserules.releases.getExecutable`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Rules Admin (`roles/firebaserules.admin`)
`firebaserules.releases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`firebaserules.releases.update`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules Admin (`roles/firebaserules.admin`)
`firebaserules.rulesets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules Admin (`roles/firebaserules.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`firebaserules.rulesets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Rules Admin (`roles/firebaserules.admin`)
`firebaserules.rulesets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`)
`firebaserules.rulesets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`firebaserules.rulesets.test`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Rules Admin (`roles/firebaserules.admin`)

Firebase Security Rules roles and permissions
Stay organized with collections Save and categorize content based on your preferences.