Firestore安全规则仅允许特定字段 [英] Firestore Security Rules allow specific field only
问题描述
我正在尝试实施安全性规则,以限制用户只能访问文档中的特定字段.我的数据结构是这样的:
I am trying to implement security rule to limit users to access only specific fields inside a document. My data structure goes like this:
document {
name: John,
dob: 1994,
email: john@hotmail.com
}
我想将 name 字段限制为由所有者读取,写入; dob 字段,以由所有者读取,由所有者创建; email 到所有者读取,由所有者更新
I want to limit the name field to read, write by owner; dob field to read by owner, create by owner; email to read by owner, update by owner
我阅读了文档,似乎我只能用安全规则控制对特定文档的访问.它没有提及允许访问特定字段的任何内容.我该怎么做才能允许访问文档中的特定字段?
I read the documentation, and it seems that I can only control access of a specific document with security rules. It didn't mention anything to allow access to a specific field. What I should do in order to allow access to specific fields inside a document?
推荐答案
安全规则不能用于限制对文档中各个字段的访问.如果用户具有对文档的直接读取访问权限,则他们始终可以阅读文档中的每个字段.
Security rules can't be used to limit access to individual fields in a document. If a user has direct read access to a document, they can always read every field in the document.
您这里唯一的选择是:
- 将受限字段拆分为另一个集合中的文档,并以不同的方式保护该集合.
- 完全拒绝对集合的直接访问,并强制用户通过API终结点,该终结点会根据传递给终结点的用户身份剥离出受限字段.
这篇关于Firestore安全规则仅允许特定字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
