Getting Started
Security rules provide powerful, fully customizable protection for data in cloud databases and cloud storage. By following the steps in this guide you can start using the rules quickly, keep your data secure, and protect your application from attacks by malicious users.
Preparation: Understanding the Security Rules Language
The security rules language uses a JSON structure: each key is an operation type, and its value is the condition under which that operation is allowed, either a boolean or an expression string. The syntax of an expression string is similar to JavaScript; it is a single logical expression or several logical expressions combined with AND/OR operators. When the rule is evaluated, the result of the expression determines whether the operation is allowed.
1. Defining Rules and Data Structures
Security rules provide built-in variables that expose the request data, so access control can be based on the data itself. How the data is organized therefore affects how the rules are written. For example, a forum application needs to let every logged-in user browse content while allowing users to modify or delete only their own posts. The records in the posts collection must therefore store a userID that indicates ownership. Security rules can then restrict update and delete operations based on the userID field, while allowing read operations for all logged-in users.
2. Get Security Rules
To use or view existing security rules, log in to the CloudBase console, select the desired environment, and navigate to the permission control page of the Cloud Database collection or of Cloud Storage. There you can choose advanced permission control or view the security rules already in use.
- Take Cloud Database collection permission management as an example. Go to the console, select the corresponding environment, and view the details of the Cloud Database collections under that environment.
- In the details, switch to the permission settings page, where you can switch from basic permission control to security rules.
- Select "Switch to Security Rules", and the system will automatically convert existing basic permissions into corresponding security rules. Developers can then modify them as needed.
- Once the switch completes, the security rules are set up and in effect. You can view and modify the security rules currently in use on the permission settings page at any time.
3. Editing and Publishing Security Rules
In the permission control page of the CloudBase console, you can edit the required security rules. For example, in the aforementioned forum application scenario, you can change the permission for the posts collection to the following rules:
{
  "read": "auth != null",                 // All logged-in users can read.
  "create": "auth != null",               // All logged-in users can create posts.
  "update": "doc.userID == auth.openid",  // Users can only update their own posts.
  "delete": "doc.userID == auth.openid"   // Users can only delete their own posts.
}
Click Save to deploy the newly edited rules to the cloud. The security rules take effect immediately after a successful save.
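To see how the forum rules above are consulted for a request, here is an added example of a small rule evaluator; it is not CloudBase's own engine and only models the subset of the language the page shows (==, !=, AND/OR, literals, and the `auth`, `auth.openid` and `doc.userID` variables). The request contexts used in the tests are constructed for illustration.

```javascript
// Added example (not CloudBase's own rule engine): a minimal evaluator that
// models how the forum rules above are consulted. It supports the subset of the
// language the page shows: ==, !=, && (AND), || (OR), null/boolean/number/string
// literals and dotted paths into the request context. The context field names
// `auth`, `auth.openid` and `doc.userID` are taken from the page.
const forumRules = {
  read: "auth != null",
  create: "auth != null",
  update: "doc.userID == auth.openid",
  delete: "doc.userID == auth.openid",
};

// Look up a dotted path; anything missing resolves to null so that
// `auth != null` is false for an anonymous request (auth absent or null).
function resolvePath(ctx, path) {
  const v = path.split(".").reduce((o, k) => (o == null ? null : o[k]), ctx);
  return v === undefined ? null : v;
}

function evalOperand(ctx, raw) {
  const s = raw.trim();
  if (s === "null") return null;
  if (s === "true" || s === "false") return s === "true";
  if (/^-?\d+(\.\d+)?$/.test(s)) return Number(s);
  if (/^(['"]).*\1$/.test(s)) return s.slice(1, -1);
  return resolvePath(ctx, s);
}

// One comparison (`a == b`, `a != b`) or a bare operand treated as a boolean.
function evalComparison(ctx, clause) {
  const m = clause.match(/^(.+?)\s*(==|!=)\s*(.+)$/);
  if (!m) return Boolean(evalOperand(ctx, clause));
  const equal = evalOperand(ctx, m[1]) === evalOperand(ctx, m[3]);
  return m[2] === "==" ? equal : !equal;
}

// A rule value is either a boolean or an expression string; AND binds tighter
// than OR, so the string is split on || first and then on &&.
function evalRule(ctx, rule) {
  if (typeof rule === "boolean") return rule;
  return rule.split("||").some((conj) => conj.split("&&").every((c) => evalComparison(ctx, c)));
}

// Deny-by-default: an operation with no rule is refused.
function isAllowed(rules, operation, ctx) {
  return Object.prototype.hasOwnProperty.call(rules, operation) ? evalRule(ctx, rules[operation]) : false;
}
```

With these rules an anonymous request is denied every operation, a logged-in user can read and create, and only the post's owner (doc.userID equal to auth.openid) can update or delete it.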