Role-Based Authorization Step 17


Sample Firestore rules for Role-based Authorization where the user document determines the access level.

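rules.json
match /posts/{document} {

    // Roles come from the caller's own user document (users/{uid}.roles)
    function getRoles() {
        return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles;
    }

    allow read;
    // Editors and admins may update existing posts
    allow update: if getRoles().hasAny(['admin', 'editor']) == true;
    // write = create, update and delete; admins only
    allow write: if getRoles().hasAny(['admin']) == true;
}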
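
Because the posts rule trusts the `roles` field in the caller's user document, that document needs its own rule so a user cannot assign roles to themselves. The following is an added example, not part of the lesson's code: the `/users/{userId}` path matches the `get()` call in the posts rule, while the helper names and the choice of who may read, create and delete user documents are assumptions.

```firestore
// Added example (assumed policy): protects the `roles` field read by the /posts rule.
// Place next to the /posts match, inside match /databases/{database}/documents.
match /users/{userId} {

    // Caller is signed in and is acting on their own document
    function isSelf() {
        return request.auth != null && request.auth.uid == userId;
    }

    // Caller's own user document lists the admin role
    function isAdmin() {
        return request.auth != null
            && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles.hasAny(['admin']);
    }

    // True when the pending update adds, removes or changes `roles`
    function touchesRoles() {
        return request.resource.data.diff(resource.data).affectedKeys().hasAny(['roles']);
    }

    allow read: if isSelf() || isAdmin();

    // A user may create their own document only if it carries no roles field
    allow create: if isSelf() && !('roles' in request.resource.data);

    // A user may edit their own profile but not their roles; admins may edit roles
    allow update: if (isSelf() && !touchesRoles()) || isAdmin();

    allow delete: if isAdmin();
}
```

With this policy the first admin role has to be granted outside client rules, for example from the Firebase console or a trusted server process.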
