Cloud Firestore offers robust access management and authentication through two different methods, depending on the client libraries you use.
For mobile and web client libraries, use Firebase Authentication and Cloud Firestore Security Rules to handle serverless authentication, authorization, and data validation. Learn how to secure your data for the Android, Apple, and Web client libraries with Cloud Firestore Security Rules.
Use App Check to help ensure that only your app can access your Cloud Firestore data.
For your apps that use Cloud Storage for Firebase, use Cloud Firestore to define conditions for access to your Cloud Storage resources in database documents that can be accessed by Cloud Storage Security Rules.
For server client libraries, use Identity and Access Management (IAM) to manage access to your database. Learn how to secure your data for the Java, Python, Node.js, and Go client libraries with IAM.