I’ve been building a few apps recently that leverage Cloud Firestore for data storage. These are personal apps and don’t store anything particularly sensitive, though that is no reason to leave them in the default development configuration that lets anyone read/write everything.
Although in many projects I’m the only user, there are a handful of others where a few people are using the app. A fairly flexible configuration approach that I use as my default is to only allow access if the user is in an ‘allow list’.
I’ll show the steps needed to do this below. The prerequisites are:
- Cloud Firestore enabled for the project
- Authentication configured for the project with at least one user authenticated
- Every user you want to grant access to will need to authenticate with the project, as we’re using their Firebase User UID, which is unique to each project