Firebase Permission Denied
Solution 1
By default the database in a project in the Firebase Console is only readable/writeable by administrative users (e.g. in Cloud Functions, or processes that use an Admin SDK). Users of the regular client-side SDKs can't access the database, unless you change the server-side security rules.
You can change the rules so that the database is only readable/writeable by authenticated users:
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
See the quickstart for the Firebase Database security rules.
But since you're not signing the user in from your code, the database denies you access to the data. To solve that you will either need to allow unauthenticated access to your database, or sign in the user before accessing the database.
Allow unauthenticated access to your database
The simplest workaround for the moment (until the tutorial gets updated) is to go into the Database panel in the console for you project, select the Rules tab and replace the contents with these rules:
{
"rules": {
".read": true,
".write": true
}
}
This makes your new database readable and writeable by anyone who knows the database's URL. Be sure to secure your database again before you go into production, otherwise somebody is likely to start abusing it.
Sign in the user before accessing the database
For a (slightly) more time-consuming, but more secure, solution, call one of the signIn... methods of Firebase Authentication to ensure the user is signed in before accessing the database. The simplest way to do this is using anonymous authentication:
firebase.auth().signInAnonymously().catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
});
And then attach your listeners when the sign-in is detected
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// User is signed in.
var isAnonymous = user.isAnonymous;
var uid = user.uid;
var userRef = app.dataInfo.child(app.users);
var useridRef = userRef.child(app.userid);
useridRef.set({
locations: "",
theme: "",
colorScheme: "",
food: ""
});
} else {
// User is signed out.
// ...
}
// ...
});
Solution 2
I was facing similar issue and found out that this error was due to incorrect rules set for read/write operations for real time database. By default google firebase nowadays loads cloud store not real time database. We need to switch to real time and apply the correct rules.
As we can see it says cloud Firestore not real time database, once switched to correct database apply below rules:
{
"rules": {
".read": true,
".write": true
}
}
Solution 3
Go to the "Database" option you mentioned.
- There on the Blue Header you'll find a dropdown which says Cloud Firestore Beta
- Change it to "Realtime database"
- Go to Rules and set .write .read both to true
Copied from here.
Solution 4
Go to database, next to title there are 2 options:
Cloud Firestore, Realtime database
Select Realtime database and go to rules
Change rules to true.
Solution 5
- Open firebase, select database on the left hand side.
- Now on the right hand side, select [Realtime database] from the drown and change the rules to:
{
"rules": {
".read": true,
".write": true
}
}
Robert Prine
Updated on July 08, 2022Comments
-
Robert Prine almost 2 years
I'm relatively new to coding and am having trouble.
I have this code to send data to firebase
app.userid = app.user.uid var userRef = app.dataInfo.child(app.users); var useridRef = userRef.child(app.userid); useridRef.set({ locations: "", theme: "", colorScheme: "", food: "" });However, I keep getting the error:
FIREBASE WARNING: set at /users/(GoogleID) failed: permission_denied 2016-05-23 22:52:42.707 firebase.js:227 Uncaught (in promise) Error: PERMISSION_DENIED: Permission denied(…)
When I try to look this up it talks about rules for Firebase, which seems to be in a language that I haven't learned yet (or it is just going over my head). Can someone explain what is causing the issue? I thought it was that I was asking for it to store email and user display name and you just weren't allowed to do this, but when I took those out I still had the same problem. Is there a way to avoid this error without setting the rules, or are rules something I can teach myself how to write in a day, or am I just way out of my league?
Thanks for any help!
-
Dave Everitt almost 7 yearsThanks - used the insecure fix and quoted your answer in a reply to a similar question to progress past Firebase permission issues in this Ember tutorial. But where do we add the (secure) anonymous auth code?
-
Andy almost 6 yearsOMG there goes an hour. I had this in there but the values were FALSE... I just overlooked it. Changed them to TRUE and bam, app is working like you'd think...
-
André Kool over 5 yearsThis has already been said in the other answer. Also when you suggest this make sure to add a warning because this isn't save! -
contractorwolf over 5 yearsOMG, me fn too, couldnt figure out why they were failing on permissions when they were both already set to false (until i read your comment). duh, noob mistake., they should both be true when you are making it open to the public (reads). Thanks for pointing out your own error, you helped me figure it out. For the record I changed my rule to this: ".read": true and then it started working.
-
Alexey Volodko about 5 yearsDamn UI ! I spent the whole day, figuring out why I have different rules... Ah... It was for "cloud firestore"... Thanks! -
Friedrick over 4 yearsThis is really bad security wise.
-
Mahmudul Hasan Sohag over 4 years@Andy Thanks man , same to me and seeing your comment just solved my prob ;) -
silviot over 3 yearsI downvoted this because I believe it's bad advice. If a rookie asks how to make the front door of their shop open, you can't just recommend they remove the lock altogether. Disabling security rules can lead to a disaster, and potentially very expensive fines if user data is leaked (and most likely it will). Also, it's a duplicate of @ahmed-adewale's answer.
-
silviot over 3 yearsI downvoted this because I believe it's bad advice. If a rookie asks how to make the front door of their shop open, you can't just recommend they remove the lock altogether. Disabling security rules can lead to a disaster, and potentially very expensive fines if user data is leaked (and most likely it will).
-
Ahmed Adewale over 3 yearsA rookie that was stuck here for days would consider my answer so helpful. I know how happy I am when I fix this now I'm helping people and you are downvoting @silviot a rookie is just learning nothing on the production -
silviot over 3 yearsI see your point, and I totally agree with the spirit. Thing is, you didn't specify that in your answer. Had you included a word of caution I would have totally agreed. But you only mention the steps needed to remove security checks, without warning about the possibly unintended consequences.
