Firebase Security Rules roles and permissions

This page lists the IAM roles and permissions for Firebase Security Rules. To search through all roles and permissions, see the role and permission index.

Firebase Security Rules roles

Role Permissions

Role	Permissions
Firebase Rules Admin (`roles/firebaserules.admin`) Full management of Firebase Rules.	`firebaserules.*` `firebaserules.releases.create` `firebaserules.releases.delete` `firebaserules.releases.get` `firebaserules.releases.getExecutable` `firebaserules.releases.list` `firebaserules.releases.update` `firebaserules.rulesets.create` `firebaserules.rulesets.delete` `firebaserules.rulesets.get` `firebaserules.rulesets.list` `firebaserules.rulesets.test` `resourcemanager.projects.get` `resourcemanager.projects.list`
Firebase Rules System (`roles/firebaserules.system`) Read/write/list access for Datastore entities and Cloud Storage objects, as well as get/list/publish access for PubSub topics.	`datastore.databases.get` `datastore.entities.*` `datastore.entities.allocateIds` `datastore.entities.create` `datastore.entities.delete` `datastore.entities.get` `datastore.entities.list` `datastore.entities.update` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.publish` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Firebase Rules Viewer (`roles/firebaserules.viewer`) Read-only access on all resources with the ability to test Rulesets.	`firebaserules.releases.get` `firebaserules.releases.list` `firebaserules.rulesets.get` `firebaserules.rulesets.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Firebase Rules Admin

(roles/firebaserules.admin)

Full management of Firebase Rules.

firebaserules.*

firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test

resourcemanager.projects.get

resourcemanager.projects.list

Firebase Rules System

(roles/firebaserules.system)

Read/write/list access for Datastore entities and Cloud Storage objects, as well as get/list/publish access for PubSub topics.

datastore.databases.get

datastore.entities.*

datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update

pubsub.topics.get

pubsub.topics.list

pubsub.topics.publish

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Firebase Rules Viewer

(roles/firebaserules.viewer)

Read-only access on all resources with the ability to test Rulesets.

firebaserules.releases.get

firebaserules.releases.list

firebaserules.rulesets.get

firebaserules.rulesets.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Firebase Rules Firestore Service Agent (`roles/firebaserules.firestoreServiceAgent`) Grants Firebase Security Rules access to Firestore for providing cross-service Rules. Warning: Do not grant service agent roles to any principals except service agents.	`datastore.entities.get`

Firebase Rules Firestore Service Agent

(roles/firebaserules.firestoreServiceAgent)

Grants Firebase Security Rules access to Firestore for providing cross-service Rules.

datastore.entities.get

Firebase Security Rules permissions

Permission	Included in roles
`firebaserules.releases.create`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`firebaserules.releases.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`)
`firebaserules.releases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.releases.getExecutable`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Support User (`roles/iam.supportUser`)
`firebaserules.releases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.releases.update`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.rulesets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.rulesets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.rulesets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.rulesets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Viewer (`roles/firebase.viewer`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Rules Viewer (`roles/firebaserules.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Firebase Develop Admin (`roles/firebase.developAdmin`) Firebase Develop Viewer (`roles/firebase.developViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Firebase Service Management Service Agent (`roles/firebase.managementServiceAgent`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`)
`firebaserules.rulesets.test`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin (`roles/firebase.admin`) Firebase Editor (`roles/firebase.editor`) Firebase Rules Admin (`roles/firebaserules.admin`) Firebase Develop Admin (`roles/firebase.developAdmin`) Support User (`roles/iam.supportUser`)

Firebase Security Rules roles and permissions