Firestore Security Rules allow specific field only [duplicate]

问题

This question already has answers here:

How to allow only particular fields of a firestore document to be accessed publicly (1 answer)

Can I restrict certain fields in firestore database to be only fetched by firebase admin? (2 answers)

Closed 6 months ago.

I am trying to implement security rule to limit users to access only specific fields inside a document. My data structure goes like this:

document {
  name: John,
  dob: 1994,
  email: john@hotmail.com
}

I want to limit the name field to read, write by owner; dob field to read by owner, create by owner; email to read by owner, update by owner

I read the documentation, and it seems that I can only control access of a specific document with security rules. It didn't mention anything to allow access to a specific field. What I should do in order to allow access to specific fields inside a document?

回答1:

Security rules can't be used to limit access to individual fields in a document. If a user has direct read access to a document, they can always read every field in the document.

Your only alternatives here are:

1. Split the restricted fields into a document in another collection, and protect that collection differently.
2. Reject direct access to the collection entirely, and force users through an API endpoint that strips out the restricted fields based on the user's identity, which was passed to the endpoint.

来源：https://stackoverflow.com/questions/62904085/firestore-security-rules-allow-specific-field-only