diff --git a/firestore.rules b/firestore.rules
index 6df6bb6d..830e3972 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -1,14 +1,13 @@
 service cloud.firestore {
   match /databases/{database}/documents {
-    match /{document=**} {
-      allow read, write: if request.auth.uid != null;
-    }
-    // Make sure the uid of the requesting user matches the name of the user
+    // Make sure the uid of the requesting user matches name of the user
     // document. The wildcard expression {userId} makes the userId variable
     // available in rules.
     match /users/{userId} {
-      allow read, update, delete: if request.auth.uid == userId;
-      allow create: if request.auth.uid != null;
+      allow read, write, create, update, delete: if request.auth.uid != null && request.auth.uid == userId;
+    }
+    match /users/{userId}/{document=**} {
+    	allow read, write, create, update, delete: if request.auth.uid != null && request.auth.uid == userId;
     }
   }
 }