Stay organized with collections
Save and categorize content based on your preferences.
To quickly test your updated Firebase Security Rules in the Firebase console, use
the Rules Playground.
The Rules Playground is a convenient tool to use as you're exploring
new behaviors or quickly validating rules as you write them. It displays a
message confirming that access was either allowed or denied according to the
parameters you set for the simulation.
Then, from the product navigation, do one of the following:
Select Realtime Database, Cloud Firestore, or Storage,
as appropriate, then click Rules to navigate to the Rules
editor.
Once you've made your edits, click Rules Playground from the editor.
In the Rules Playground settings, select options for your test, including:
Testing reads or writes.
A specific Location in your database or storage bucket, as a path.
Authentication type — unauthenticated, authenticated anonymous user, or a
specific user ID.
Document-specific data that your rules specifically reference (for
example, if your rules require the presence of a specific field before
allowing a write).
Click Run and look for the results in the banner above the editor.
Sample Rules Playground scenario
Test the Rules Playground behavior with the following sample scenario
and basic rules.
Cloud Firestore
service cloud.firestore {
match /databases/{database}/documents {
// Allow only authenticated content owners access
match /some_collection/{document} {
allow read, write: if request.auth != null && request.auth.uid == request.resource.data.author_uid
}
}
}
Realtime Database
// These rules grant access to a node matching the authenticated// user's ID from the Firebase auth token{"rules":{"users":{"$uid":{".read":"$uid === auth.uid",".write":"$uid === auth.uid"}}}}
Cloud Storage
// Grants a user access to a node matching their user IDservicefirebase.storage{match/b/{bucket}/o{// Files look like: "user/<UID>/file.txt"match/user/{userId}/{fileName}{allowread,write:ifrequest.auth!=null && request.auth.uid==userId;}}}
In the Rules editor, add the rule given.
Select get from the Simulation type drop-down menu and enter a valid
path in the Location field.
Toggle on Authentication and select an authentication type from the
Provider drop-down.
Enter the user ID details and click Run.
The results of the simulation appear at the top of the editor. Depending on the
user ID details you entered, you should see a banner confirming the read
was either successfully allowed or denied.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-27 UTC."],[],[],null,["\u003cbr /\u003e\n\nTo quickly test your updated Firebase Security Rules in the Firebase console, use\nthe Rules Playground.\n| **Note:** To fully validate your app's behavior and verify your Firebase Security Rules \n| configurations, use the [Firebase Emulator](/docs/rules/emulator-setup) to run and automate unit tests in a local environment.\n\nThe Rules Playground is a convenient tool to use as you're exploring\nnew behaviors or quickly validating rules as you write them. It displays a\nmessage confirming that access was either allowed or denied according to the\nparameters you set for the simulation.\n\nUse the Rules Playground\n\n1. Open the [Firebase console](//console.firebase.google.com/) and select your project.\n2. Then, from the product navigation, do one of the following:\n - Select **Realtime Database** , **Cloud Firestore** , or **Storage** , as appropriate, then click **Rules** to navigate to the Rules editor.\n3. Once you've made your edits, click **Rules Playground** from the editor.\n4. In the *Rules Playground* settings, select options for your test, including:\n - Testing reads or writes.\n - A specific **Location** in your database or storage bucket, as a path.\n - Authentication type --- unauthenticated, authenticated anonymous user, or a specific user ID.\n - Document-specific data that your rules specifically reference (for example, if your rules require the presence of a specific field before allowing a write).\n5. Click **Run** and look for the results in the banner above the editor.\n\nSample Rules Playground scenario\n\nTest the Rules Playground behavior with the following sample scenario\nand basic rules. \n\nCloud Firestore \n\n service cloud.firestore {\n match /databases/{database}/documents {\n // Allow only authenticated content owners access\n match /some_collection/{document} {\n allow read, write: if request.auth != null && request.auth.uid == request.resource.data.author_uid\n }\n }\n }\n\nRealtime Database\n\n\u003cbr /\u003e\n\n```scilab\n // These rules grant access to a node matching the authenticated\n // user's ID from the Firebase auth token\n {\n \"rules\": {\n \"users\": {\n \"$uid\": {\n \".read\": \"$uid === auth.uid\",\n \".write\": \"$uid === auth.uid\"\n }\n }\n }\n }\n \n```\n\n\u003cbr /\u003e\n\nCloud Storage \n\n // Grants a user access to a node matching their user ID\n service firebase.storage {\n match /b/{bucket}/o {\n // Files look like: \"user/<UID>/file.txt\"\n match /user/{userId}/{fileName} {\n allow read, write: if request.auth != null && request.auth.uid == userId;\n }\n }\n }\n\n- In the Rules editor, add the rule given.\n\n-\n Select **get** from the **Simulation type** drop-down menu and enter a valid\n path in the **Location** field.\n\n- Toggle on **Authentication** and select an authentication type from the\n **Provider** drop-down.\n\n- Enter the user ID details and click **Run**.\n\nThe results of the simulation appear at the top of the editor. Depending on the\nuser ID details you entered, you should see a banner confirming the read\nwas either successfully allowed or denied."]]
Select get from the Simulation type drop-down menu and enter a valid
path in the Location field.