firebase error
Firebase: Missing or insufficient permissions
The error
FirebaseError: Missing or insufficient permissions.
What it means
A Firestore or Realtime Database operation was rejected by your Security Rules. The current user (or unauthenticated request) does not satisfy the rule for that path.
Firebase Security Rules default to deny. Any read or write must match an allow rule. Either no rule covers your path, the rule’s condition evaluates to false, or request.auth is null because you’re not signed in.
The fix
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
// Authenticated users read their own doc
allow read, write: if request.auth != null
&& request.auth.uid == userId;
}
// Default-deny all others
match /{document=**} {
allow read, write: if false;
}
}
}Also check
Common adjacent root causes when the obvious fix doesn’t work.
- 01Is request.auth null? You’re not signed in. Sign in via Firebase Auth before the call.
- 02Is the path even covered? Run "firebase emulators:start --only firestore" and use the Rules Playground to check.
- 03Are you using the Admin SDK? It bypasses rules. If your call uses the client SDK and fails, the rules are correct (denying as intended).
Scan for related issues
This error is in our firebase scanner. Run a free scan to find what else is misconfigured in the same area.
FAQ
Frequently asked questions
- Can I just open everything to anyone (allow read, write: if true)?
- Anyone with your project ID could read and wipe your entire database. Never. Always scope rules to authenticated users with specific conditions.
- Why does it work in the Firebase Console but fail in my app?
- The Console runs as your developer account, which has admin override. Test rules using the Rules Playground or the Firebase Emulator with a non-admin user.