Role-Based Authorization

Role-based access control and security rules


Sample Firestore rules for role-based authorization, where the roles stored on the user's document determine the access level.

rules.json
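service cloud.firestore {
  match /databases/{database}/documents {
    match /posts/{document} {

      // Read the caller's roles from their own user document.
      function getRoles() {
        return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles;
      }

      allow read;
      // Editors and admins may update existing posts.
      allow update: if getRoles().hasAny(['admin', 'editor']) == true;
      // Only admins get full write access (create, update, delete).
      allow write: if getRoles().hasAny(['admin']) == true;
    }
  }
}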
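
Because the user document decides the access level, the `users` collection needs rules of its own, or a signed-in user could write `admin` into their own `roles`. The block below is an added example, not part of the lesson's code; it assumes user documents are keyed by the auth UID with `roles` stored as a list (as the lookup above implies), and the `isAdmin()` helper name is hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper (not from the lesson): true only for a signed-in
    // caller whose own user document lists 'admin' in `roles`.
    // If the document or the `roles` field is missing, evaluation errors
    // and the request is denied.
    function isAdmin() {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles.hasAny(['admin']);
    }

    match /users/{uid} {
      // Users read their own document; admins read any.
      allow read: if request.auth != null
        && (request.auth.uid == uid || isAdmin());

      // Self-signup must not include a `roles` field at all.
      allow create: if request.auth != null
        && request.auth.uid == uid
        && !request.resource.data.keys().hasAny(['roles']);

      // Owners may edit their profile, but any change to `roles` is rejected.
      allow update: if request.auth != null
        && request.auth.uid == uid
        && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['roles']);

      // Only an existing admin may grant or revoke roles, or delete a user.
      allow update, delete: if isAdmin();
    }
  }
}
```

With these rules the first admin has to be assigned out of band, through the Firebase console or the Admin SDK, both of which bypass security rules.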

