Inhabilita las recomendaciones/estadísticas en el centro de transparencia y control.
Para obtener más información, consulta Cómo inhabilitar la función.
roles/dataprocessing.admin
Estos roles de recomendador proporcionan los siguientes permisos de API:
Permisos roles/recommender.firestoredatabasefirebaserulesViewer, más recommender.firestoreDatabaseFirebaseRulesRecommendations.update recommender.firestoreDatabaseFirebaseRulesInsights.update
Para obtener más información sobre los roles y la concesión de acceso, consulta los siguientes vínculos:
Solo puedes ver las recomendaciones de las reglas de seguridad de Firestore si tienes bases de datos en uso no vacías que tengan configuradas reglas expuestas a un acceso amplio. El proyecto debe tener al menos 30 días de antigüedad para que se generen recomendaciones.
Puedes ver las recomendaciones o estadísticas de las reglas de seguridad de Firestore de diferentes maneras:
Ver recomendaciones
Google Cloud console
Para ver tus recomendaciones, haz lo siguiente:
Ve a la Google Cloud consola o usa el siguiente botón:
Las recomendaciones se pueden ver en la página del Centro de recomendaciones o del Centro de bases de datos.
Busca Recomendaciones, lo que te llevará a la página del Centro de recomendaciones.
Puedes seleccionar una categoría específica de recomendaciones y verlas.
Busca Database Center.
Puedes aplicar un filtro de productos y ver los problemas específicos de la flota.
gcloud CLI
Para mostrar una lista de las recomendaciones de las reglas de seguridad de Firestore con gcloud, ejecuta el comando
gcloud recommender recommendations list
de la siguiente manera:
RECOMMENDER: El ID del recomendador, como FirebaseRulesRecommender.
API de recomendador
Para mostrar una lista de tus recomendaciones de reglas de seguridad de Firestore con la API de Recommendations, llama al método recommendations.list de la siguiente manera:
Para obtener más información sobre cómo mejorar la seguridad de tu base de datos, consulta Estructura reglas de seguridad.
Precios
Las recomendaciones y estadísticas de las reglas de seguridad de Firestore están disponibles de sin costo. Para obtener información sobre otros niveles de precios, consulta Precios del recomendador.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[],[],null,["# Firestore Security Rules recommender\n====================================\n\nThe Firestore Security Rules recommender supports the following recommendation subtype:\n\n- [Update Insecure Policy](/firestore/docs/security/insecure-rules)\n\nwhich are security concerns for Firestore customers providing users\nextra access than the users intend.\n\nThis document describes how to enable and view your recommendations\nand insights to improve the security of your databases.\n\nBefore you begin\n----------------\n\nBefore you can view Firestore Firestore Security rules\nrecommendations and insights, do the following:\n\n1. Enable the Recommender API as described in\n [Enable the API](/recommender/docs/enabling).\n\n2. Ensure that you have sufficient permissions.\n You must have one of the following roles, which provide the necessary\n permissions:\n\n\n \u003cbr /\u003e\n\n These Recommender roles provide the following API permissions:\n\n\n \u003cbr /\u003e\n\n For more information about roles and about granting access, see the\n following:\n - [Understanding roles](/iam/docs/understanding-roles)\n - [Managing access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access)\n\nYou can view Firestore Security rules recommendations only if you have non-empty, in-use databases that have any rules exposed to broad access configured. The project\nmust be at least 30 days old for recommendations to be generated for it.\n\nYou can view Firestore Security rules recommendations/insights in different ways:\n\nView recommendations\n--------------------\n\n### Google Cloud console\n\n\nYou can view your recommendations by doing following:\n\nGo to the Google Cloud console, or use the following button:\n\n[Go to Google Cloud console](https://console.cloud.google.com/)\n\nRecommendations can be viewed on **Recommendation Hub** or **Database Center** page.\n\n1. Search for **Recommendations** which will lead to the Recommendation Hub page.\n You can select specific category of recommendation and view them.\n\n2. Search for **Database Center**.\n You can apply product filter and view the specific fleet issues.\n\n\u003cbr /\u003e\n\n### gcloud CLI\n\n\nTo list Firestore Security rules recommendations by using `gcloud`, run the\n[`gcloud recommender recommendations list`](/sdk/gcloud/reference/recommender/recommendations/list)\ncommand as follows: \n\n gcloud recommender recommendations list \\\n --project=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e \\\n --location=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eLOCATION\u003c/span\u003e\u003c/var\u003e \\\n --recommender=google.firestore.database.\u003cvar\u003eRECOMMENDER\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region, such as `us-central1`\n- \u003cvar translate=\"no\"\u003eRECOMMENDER\u003c/var\u003e: The ID of the recommender as `FirebaseRulesRecommender`.\n\n\u003cbr /\u003e\n\n### Recommender API\n\n\nTo list your Firestore Security rules recommendations by using the\n[Recommendations API](/recommender/docs/using-api), call the\n[`recommendations.list`](/recommender/docs/reference/rest/v1beta1/projects.locations.recommenders.recommendations/list)\nmethod as follows: \n\n curl -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -H \"x-goog-user-project: \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\" \\\n \"https://recommender.googleapis.com/v1/projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/locations/\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e/recommenders/google.firestore.database.\u003cvar translate=\"no\"\u003eRECOMMENDER\u003c/var\u003e/recommendations\"\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region, such as `us-central1`.\n- \u003cvar translate=\"no\"\u003eRECOMMENDER\u003c/var\u003e: The ID of the recommender as `FirebaseRulesRecommender`.\n\nFor more information, see [Using the API - Recommendations](/recommender/docs/using-api).\n\nView insights\n-------------\n\nYou can view insights and detailed recommendations about Firestore Security\nrules in different ways. \n\n### gcloud CLI\n\n\nTo view insights by using `gcloud`, run the\n[`gcloud recommender insights list`](/sdk/gcloud/reference/recommender/insights/list)\ncommand as follows: \n\n gcloud recommender insights list \\\n --project=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e \\\n --location=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eLOCATION\u003c/span\u003e\u003c/var\u003e \\\n --insight-type=google.firestore.database.\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eINSIGHT_TYPE\u003c/span\u003e\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region, such as `us-central1`.\n- \u003cvar translate=\"no\"\u003eINSIGHT_TYPE\u003c/var\u003e: The ID of the insight type as `FirebaseRulesInsight`.\n\n \u003cbr /\u003e\n\n### Recommender API\n\n\nTo list your insights by using the\nRecommender API, run the following command: \n\n curl -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n\n \"https://recommender.googleapis.com/v1/projects/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/locations/\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e/insightTypes/google.firestore.database.\u003cvar translate=\"no\"\u003eINSIGHT_TYPE\u003c/var\u003e/insights\"\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region, such as `us-central1`.\n- \u003cvar translate=\"no\"\u003eINSIGHT_TYPE\u003c/var\u003e: The ID of the insight type as `FirebaseRulesInsight`.\n\nFor more information, see [Using the API - Insights](/recommender/docs/insights/using-api).\n\n\u003cbr /\u003e\n\nApply recommendations\n---------------------\n\nFor more information about how to improve your database security, see\n[Structure security rules](/firestore/docs/security/rules-structure).\n\nPricing\n-------\n\nFirestore Security rules recommendations and insights are\navailable free of charge. For information about other pricing tiers, see\n[Recommender pricing](/recommender/pricing)."]]
