问题
Does anyone know how to enforce security rules in Firebase on writes performed by the admin server?
E.g.:
userDetail: { ".validate" : //some security rule based on database reference// }
I want to ensure that a write by admin server adheres to this validation rule. I understand that a security rule can be put in place on the server itself, but I want to ensure that the data is consistent with another location in the database that can be modified by other server instances.
回答1:
You cannot write security rules that apply to requests that have an administrative privileges access level – which is the default for service account authentication. Security is completely disabled then, including validation rules.
But this does not mean that you can't have your servers in check. Change the server to authenticate with limited privileges. In both Node and Java, the keyword is databaseAuthVariableOverride.
See also the Admin SDK setup documentation.
来源:https://stackoverflow.com/questions/40548738/is-there-a-way-to-add-security-rules-that-apply-to-admin-in-firebase