Generate security rules for Firestore and Firebase Storage. Select your collection and access pattern, get copy-paste rules.
Default test-mode rules (allow read, write: if true) are the #1 Firebase security mistake.
The name of your Firestore collection (e.g., users, orders, messages)
How should users be able to access documents in this collection?
The document field that stores the owner's UID (must match request.auth.uid)
Never use in production: allow read, write: if true; — this gives everyone full access to your database. Always replace test-mode rules before going live.
Copy the generated rules and paste them into the Firebase Console (Firestore Database → Rules, or Storage → Rules). Click "Publish" to apply them. Then test by accessing data without authentication to verify they work.
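For reference, an added example (written for this page, not output captured from the generator) of what owner-only Firestore rules look like next to the test-mode rule. The collection name `orders` and the owner field `userId` are assumptions; substitute your own collection and field.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Test-mode rule, shown commented out for comparison only.
    // It lets anyone, signed in or not, read and write every document.
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // Owner-only access. "orders" and "userId" are assumed names.
    match /orders/{orderId} {

      // Read or delete: the stored owner UID must match the caller.
      allow read, delete: if request.auth != null
                          && resource.data.userId == request.auth.uid;

      // Create: the new document must name the caller as its owner,
      // so a user cannot create documents on behalf of someone else.
      allow create: if request.auth != null
                    && request.resource.data.userId == request.auth.uid;

      // Update: the caller must own the existing document, and the
      // write must not reassign ownership to a different UID.
      allow update: if request.auth != null
                    && resource.data.userId == request.auth.uid
                    && request.resource.data.userId == resource.data.userId;
    }

    // No other match blocks: any path not matched above is denied.
  }
}
```

Rules are not filters: a list query on this collection is rejected unless the client constrains it to the caller's own documents, for example with a `where` clause on `userId` equal to the signed-in UID.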