Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths . All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.