Are there any security concerns with allowing authenticated users to read from the Users collection?

Database & APIs

Hi I'm wondering if it's safe to leave the Users collection readable by authenticated users. Are there any significant security risks in doing this?

Is it really worth the effort to implement a separate public and private user collection, leaving the original Users collection (the private one) restricted to read/write/delete/create only for the document owner?

I'd appreciate any advice on the best approach!

What have you tried so far?

I have looked at the documentation and some posts online.

Did you check FlutterFlow's Documentation for this topic?
Yes
3 replies