Google Announces Firestore Security Rules Simulator

Security Hero

When storing and working with company or user data, it can be a challenge to ensure that it is safe and secure. Whether it be keeping outsiders with malicious intent away from the data or simply making sure that only employees who require access to the data have it, there is a lot of work that goes into developing and testing security rules and procedures.



As a way to make this process easier, Google recently introduced the Firestore Security Rules Simulator. This is a new tool that developers and administrators can use to write and test security rules for Google’s Cloud Firestore database in a quick and efficient manner.

Previously, those writing and testing Firebase security rules had no choice but to actually deploy the rules and then run tests against them once they were live. If any of the rules didn’t function as expected, they would then have to be edited, re-deployed, and then re-tested in a process that was both tedious and time-consuming.

However, with the introduction of the Firestore Security Rules Simulator, developers are now able to write security rules and test them against their actual Firestore databases from right within the Firebase console. And perhaps the best part about this new tool is that testing can be done without having to actually deploy the rules to an actual Firestore database.

Some of the functions that developers can write rule tests for include document reads, writes, and deletes, all of which can be tested against an organization’s actual Firestore database. There is also the option to simulate a particular user being signed in, which can be useful for testing permissions that may be assigned to various user accounts.

In addition to releasing the Firestore Security Rules Simulator, Google also increased the number of calls that can be made per security rule from three to ten for single document requests. For those that are using batch-requests or other multi-resource requests, a total of 20 combined calls is allowed for all of the documents included in the call.

Google also mentioned that is has improved its reference documentation related to Firebase Security Rules and the specific language that is used to write them.

Security is something that cannot be taken lightly, especially with the amount of data that is stored in the cloud today. While there are many advantages to having data stored in the cloud or hybrid environments, security has to be one of the top priorities of developers and administrators that work with that data on a daily basis. And being able to test both new and existing security rules against an actual Firestore database is something that can be very helpful, as it allows for a faster testing and refinement process.