Permissions
What service-account permissions Firepanel needs, why it needs them, and how to run with least privilege.
Firepanel acts on your Firebase project through a service account. This page explains what that account needs to be able to do, and why.
The short version
The key generated from the Firebase Admin SDK panel in Project Settings works out of the box. You don't need to configure any IAM roles by hand to start using Firepanel.
What each permission is for
| Permission | Used for | Required? |
|---|---|---|
| Read Firestore | Browsing collections, documents, and subcollections | Yes |
| Write Firestore | Inline edits, the detail-view editor, creating documents, bulk operations, deletes | For editing |
| Reach Auth | Connection health check today; Auth management later | Optional |
| Reach Storage | Connection health check today; Storage browsing later | Optional |
Firestore read is the only thing you strictly need to browse data. Write access is required for any of the editing features. Auth and Storage are only probed during the connection check right now — those modules are coming soon.
Read-only access
If you only want to browse and never edit, you can connect a service account scoped to read Firestore. Editing features will fail with a permission error (Firepanel surfaces the message), but browsing, filtering, search, and export all work.
Tip
A read-only connection is a great way to give support or analytics people safe visibility into production without the ability to change anything.
Least privilege
If your organization prefers tightly-scoped credentials over the default Admin SDK role, you can create a service account in Google Cloud IAM with only the roles you need — for example, a Firestore-focused role for read/write on Firestore. Grant exactly what the table above says Firepanel uses, generate a key for that account, and connect it the same way.
Warning
If you scope the account down, the connection check may show Auth or Storage as unreachable. That's expected and not a problem for today's Firestore-only features — Firestore is the badge that matters.
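After scoping an account down as described above, it helps to confirm what it actually holds before you connect it. The script below is an added example, not Firepanel's own code: it audits a project IAM policy for one service account and lists any role beyond the Firestore read/write rows in the table. The role IDs (`roles/datastore.viewer`, `roles/datastore.user`), account names, and sample policy are assumptions chosen for illustration.

```python
# Assumption: these predefined Cloud IAM roles stand in for the table's
# "Read Firestore" and "Write Firestore" rows; the page names no role IDs.
READ_ROLES = {"roles/datastore.viewer"}
WRITE_ROLES = {"roles/datastore.user"}  # includes read

def audit_service_account(policy, sa_email):
    """Report which scoped Firestore roles an account holds, and anything beyond them.

    Only sees bindings in the policy passed in; roles inherited from a folder,
    the organization, or a group membership are not visible here.
    """
    member = f"serviceAccount:{sa_email}"
    held, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            held.add(binding["role"])
            if "condition" in binding:  # conditional grants need a manual look
                conditional.add(binding["role"])
    scoped_write = bool(held & WRITE_ROLES)
    return {
        "scoped_read": scoped_write or bool(held & READ_ROLES),
        "scoped_write": scoped_write,
        # Roles outside the table's needs; they may grant far more than Firestore.
        "excess_roles": sorted(held - READ_ROLES - WRITE_ROLES),
        "conditional_roles": sorted(conditional),
    }

# Constructed sample in the shape of
# `gcloud projects get-iam-policy PROJECT_ID --format=json`; all names are made up.
DOMAIN = "example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/datastore.viewer",
     "members": [f"serviceAccount:firepanel-ro@{DOMAIN}"]},
    {"role": "roles/datastore.user",
     "members": [f"serviceAccount:firepanel-rw@{DOMAIN}",
                 f"serviceAccount:firepanel-wide@{DOMAIN}"]},
    {"role": "roles/editor",
     "members": [f"serviceAccount:firepanel-wide@{DOMAIN}",
                 f"deleted:serviceAccount:old@{DOMAIN}?uid=123"]},
]}

if __name__ == "__main__":
    for name in ("firepanel-ro", "firepanel-rw", "firepanel-wide"):
        print(name, audit_service_account(SAMPLE_POLICY, f"{name}@{DOMAIN}"))
```

An empty `excess_roles` list with `scoped_write` set to false corresponds to the read-only connection described earlier on this page.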
Revoking access
Permissions are a two-way street, and you hold the controls:
- In Firepanel: disconnect the project to delete its encrypted credentials.
- In Firebase / Google Cloud: delete or disable the service-account key, or remove its roles. Firepanel loses access immediately.
There's no cached copy of your data on our side, so revoking at the source is a hard stop. More on this in Data security.