Configure the firestore security rules to allow users to only access their own data - efficiently

Question

Using firestore with angularfire2 rc 2.

All is working very nicely in development with no effective security rules.

These are the no security rules - where the cli

Answer 1

The following setup worked for me (I've used allChildren as opposed to allSubcollection):

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId}/{allChildren=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

allChildren will allow to read/write in any subcollections of a user document.

More information on this wildcard matching is here