如何在Firebase中实施基于角色的访问控制? [英] how do I implement role based access control in firebase
问题描述
直接授权给auth变量(或者至少这似乎不是一个预期的策略)。我建议创建一个由 auth.uid
组织的用户集合,并且可以保留任何你想要的权限属性,这样你的安全规则可能看起来像(未经测试):
{
rules:{
.read:true,
users:{
.write:root.child('users')。child(auth.uid).child('role')。val()=='admin'
}
}
}
角色
是属于用户
集合中所有对象的属性。
This is my first foray into Firebase & nosql, I come from a SQL background.
Using Simple Login Security Email/Password, how do I limit access to data in Firebase? For example, some user will have access to create a business object (users, customers, categories, etc), others won't. Is there a way to attach a list of permissions to the "auth" variable?
There isn't a way to attach permissions directly to the auth variable (or at least that doesn't seem to be an intended strategy). I'd recommend creating a collection of users organized by auth.uid
and you can keep whatever kind of permission attributes you want in there, such that your security rules might something look like this (untested):
{
"rules": {
".read": true,
"users": {
".write": "root.child('users').child(auth.uid).child('role').val() == 'admin'"
}
}
}
Where role
is an attribute belonging to all objects in your users
collection.
这篇关于如何在Firebase中实施基于角色的访问控制?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!