Firestore security rules in to prevent sensitive field

Problem description

I am modeling a database with Firestore, for a small company.

I have a collection of departments. Each department is a document. In the company, there will never be more than 50 employees. I would like to keep each employee as a map.

So a department document will be like this:

{ 
  emp1: { name: 'tom', age:23, email: 'tom@x.com'},
  emp2: { name: 'mike', age:35, email: 'mike@x.com'}
}

I would like to keep the age field private; it should be accessed only by superusers. From what I learnt, it is not possible to put access level at the granularity of a field. When a client receives the document, he will have access to all fields.

How can I go about that? Should I keep a sub-collection of ages, would that work? Coming from SQL, and having already done this smoothly in SQL, I cannot get my head around having a collection just for a single integer.

Or is there any other alternative? I do not want to have a collection of employees.

Recommended answer

If you have data associated with one entity (a user) that should have varying permissions for different fields of that data, it will be easiest if you split those fields into documents in different subcollections organized under that entity. The security rules will be much easier to implement in that case. The case of simple public/private data:

users/{uid}/public
  - data
    - name
    - email
users/{uid}/private
  - data
    - age

Then your rules target each subcollection separately:

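// A match must name a document path, so each subcollection gets a document wildcard.
match /users/{uid}/public/{doc} {
  // Public data (name, email): readable by anyone.
  allow read: if true;
}

match /users/{uid}/private/{doc} {
  // Private data (age): restrict reads here.
  allow read: if ...whatever conditions you choose, if any...
}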
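
A complete rules file for the public/private layout above, as an added example that is not part of the original answer. It assumes superusers carry a custom auth claim named `superuser` (a hypothetical name, set server-side through the Admin SDK); the page does not say how superusers are identified.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: a boolean custom claim "superuser" marks privileged accounts.
    // Custom claims are exposed to rules under request.auth.token.
    function isSuperuser() {
      return request.auth != null
          && request.auth.token.superuser == true;
    }

    // users/{uid}/public/data holds name and email.
    match /users/{uid}/public/{doc} {
      allow read: if true;
    }

    // users/{uid}/private/data holds age.
    // Rules apply to whole documents, so the age is only protected
    // because it lives in its own document, not in a shared map.
    match /users/{uid}/private/{doc} {
      allow read: if isSuperuser();
    }

    // No write rule is declared: anything not explicitly allowed is
    // denied, so client writes fail and data is written through the
    // Admin SDK, which bypasses these rules.
  }
}
```

The Firebase Emulator Suite can be used to confirm that an ordinary signed-in user is denied on `users/{uid}/private/data` while an account with the claim is allowed.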
