Contextual security rules can be confusing at first. To get used to how they work, it is critical to understand the order of execution. Even after this is understood, it is easy for you to slow the system down with inefficient security rules. While the platform does cache results and attempt to optimize, where possible, follow these key points to use security rules effectively:
- Read-row rules are not user friendly. Query business rules are almost always more effective. They may also be quicker since they ask the database to filter out the records and prevent their processing.
- Read-field rules can be very intensive for the system to process. Consider a <table>.* security rule that returns false for every field. ...