Firestore Security Rules

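Production rules are preserved in emulation. Any authenticated user can read and write every document under /prod, including the user-config documents and their workflows subcollections. The rules check only that request.auth is present, not which user is making the request.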

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow authenticated users to access prod database
    match /prod/{document=**} {
      allow read, write: if request.auth != null;
    }
    
    // Specific rules for user-config collection
    match /prod/user-config/{userId} {
      allow read, write: if request.auth != null;
      
      // Allow access to workflows subcollection
      match /workflows/{workflowId} {
        allow read, write: if request.auth != null;
      }
    }
  }
}

Rules must be identical in emulator and production to maintain behavior parity with the frontend.
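
One way to check that parity is to compare the two rules files after stripping comments and whitespace. The following is an added example, not code from this project. The function names and the sample rule texts are constructed for illustration, and treating comment-only and whitespace-only differences as acceptable is an assumption.

```javascript
// Added example (not the project's code): flag drift between two rules files.
// Assumption: comment and whitespace differences are cosmetic; anything else is drift.
function normalizeRules(src) {
  let out = '', i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === "'" || c === '"') {
      // Copy string literals verbatim so a '//' inside one is not treated as a comment.
      let j = i + 1;
      while (j < src.length && src[j] !== c) j += src[j] === '\\' ? 2 : 1;
      out += src.slice(i, j + 1);
      i = j + 1;
    } else if (c === '/' && src[i + 1] === '/') {
      while (i < src.length && src[i] !== '\n') i++; // skip line comment
    } else if (/\s/.test(c)) {
      if (out.length && !out.endsWith(' ')) out += ' '; // collapse whitespace runs
      i++;
    } else {
      out += c;
      i++;
    }
  }
  return out.trim();
}

// Returns null when the files agree, else where the normalized texts first diverge.
function rulesDrift(emulatorSrc, prodSrc) {
  const a = normalizeRules(emulatorSrc);
  const b = normalizeRules(prodSrc);
  if (a === b) return null;
  let k = 0;
  while (k < a.length && k < b.length && a[k] === b[k]) k++;
  return { offset: k, emulator: a.slice(k, k + 40), production: b.slice(k, k + 40) };
}

// Constructed samples: production rules shortened from the page, plus two emulator copies.
const PROD_RULES = `rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow authenticated users to access prod database
    match /prod/{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}`;
const EMULATOR_COSMETIC = PROD_RULES.replace(/^\s+/gm, '').replace('// Allow', '// Emulator copy: allow');
const EMULATOR_DRIFT = PROD_RULES.replace('request.auth != null', 'true');

console.log(rulesDrift(EMULATOR_COSMETIC, PROD_RULES), rulesDrift(EMULATOR_DRIFT, PROD_RULES));
```

A non-null result from rulesDrift means the emulator is no longer exercising the rules that production enforces, so emulator test results should not be trusted until the files are reconciled.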