Security rules don't filter and we don't have a way to hold back a value based on any logic. We can fall the whole record but not just the value.
Two initial options:
1) Involve a request intermediary like our service so the email can be stripped before delivering to the requestor.
2) Move emails to separate user tree and request separately.
Security rules don't filter and we don't have a way to hold back a value based on any logic. We can fall the whole record but not just the value.
Two initial options: 1) Involve a request intermediary like our service so the email can be stripped before delivering to the requestor. 2) Move emails to separate user tree and request separately.