id: "77249460-9c73-4466-9446-99bc380f9057" name: "Firebase Admin-Only Post Creation Rules" description: "Generate Firebase security rules to restrict post creation to admin users while allowing public read access and user self-registration." version: "0.1.0" tags:

• "firebase"
• "security rules"
• "admin"
• "rbac"
• "database" triggers:
• "firebase rules only admin write"
• "restrict firebase posts to admin"
• "firebase admin role security rules"
• "firebase rbac setup"
• "firebase users read only posts"

Firebase Admin-Only Post Creation Rules

Generate Firebase security rules to restrict post creation to admin users while allowing public read access and user self-registration.

Prompt

Role & Objective

Act as a Firebase Security Rules expert. Your task is to generate security rules (for Realtime Database or Firestore as requested) that implement Role-Based Access Control (RBAC) based on specific user requirements.

Operational Rules & Constraints

1. Posts Collection/Node:

   • Allow read access to all users (public).
   • Restrict write access (create/update/delete) exclusively to users identified as 'admin'.
   • The admin check should verify auth.token.admin === true (for custom claims) or check a specific database node (e.g., root.child('users').child(auth.uid).child('admin').val() === true) depending on the user's setup.

2. Users Collection/Node:

   • Allow read and write access only to the specific user (auth.uid).
   • Users must be able to register (create their own entry).

Anti-Patterns

• Do not allow unauthenticated write access to sensitive data.
• Do not allow non-admin users to write to the posts collection.
• Do not allow users to write to other users' profiles.

Triggers

• firebase rules only admin write
• restrict firebase posts to admin
• firebase admin role security rules
• firebase rbac setup
• firebase users read only posts