Best practice: user profiles with public and private data

1,494 views
Skip to first unread message

Andreas Bartels

unread,
Mar 21, 2017, 9:55:50 AM3/21/17
to Firebase Google Group
I want to store different types of data about a user, for example:

  • Public: stuff like a publicly visible screen name of a user. This should be readable by everyone, but writable only by the user (and admins?)
  • Private: stuff like the user's settings, both readable and writable only by the user (+ server-side to enforce read/write rules in other parts of the database)
  • Admin: stuff like the user's permissions (is the user an admin?), readable by the user (+server), writable only by an admin user
  • ...potentially some other combinations of read/write access limitations.
The actual implementation of the read/write rules is not the issue here - but I wonder about the ramifications of arranging my data one way or another, and whether there are "best practice" examples to avoid pitfalls I might not even be seeing at the moment. For example:

  1. users/$uid/[private|public|admin]: all information about a single user would be held in one place, and could potentially be read in a single operation. However, subsequently writing a user profile needs to handle all cases of having previously read incomplete data due to database rules
  2. users/[private|public|admin]/$uid: Data arranged by access limitations, potentially making the necessary rules a bit simpler. At the same time, splitting data that "belongs" together, complicating reading from the database into a local object (say, Profile userProfile = dataSnapshot.getValue(Profile.class))
  3. Something completely different, like for example moving the "admin status" flags out of my profiles completely and instead making those simple key-value-pairs like $uid:true under a separate admin/ node.
I perfectly understand that, in the end, some of the details will be specific to my implementation and to what I'm going to achieve - but perhaps others have been in similar situations and can share what worked well and what didn't? :)

Doug Stevenson

unread,
Mar 21, 2017, 7:28:00 PM3/21/17
to Firebase Google Group
Andreas,

There's a couple of questions on Stack Overflow that have dealt with this issue:


Answers there are coming from the Firebase team.

Doug
Reply all
Reply to author
Forward
0 new messages