Recently, I build a self-hosted shopping website in React. I decide to build an admin dashboard to manage the user and modify the product. I choose Firebase Realtime DB as my backend. There are two options in my mind. First, I can separate the user and admin through password login. In this way, I am not sure how Firebase can determined the login user is admin or normal user. Second, I run the admin page on my localhost and modify the data on Firebase through API.
I have no experience design this kind of system. Therefore, I would like to search for the opinions from people who have the experience about which methods is better. Or else, there would be other options better than my idea.
I can separate the user and admin through password login. In this way, I am not sure how Firebase can determined the login user is admin or normal user.
The recommended approach in Firebase for a role-based access control strategy is to use Custom Claims.
Custom Claims are "custom attributes can give users different levels of access (roles), which are enforced in an application's security rules".
Since you are building an admin dashboard to manage the users you may be interested by this article: How to create an Admin module for managing Firebase users access and roles (disclaimer: I'm the author).