services / Google Cloud / Firebase security rules publishing

Manage security rules sources. By themselves, these don't do anything, but when they are referenced by the current release, they are the active rules.


While creating a ruleset by itself doesn't do anything, when combined with access to update security rules releases, an attacker can hijack your security rules.


Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog