我的书签
添加书签
移除书签grantRolesToUser
Definition
The grantRolesToUser command uses the following syntax:
- { grantRolesToUser: "<user>",
- roles: [ <roles> ],
- writeConcern: { <write concern> }
- }
The command has the following fields:
FieldTypeDescriptiongrantRolesToUserstringThe name of the user to give additional roles.rolesarrayAn array of additional roles to grant to the user.writeConcerndocumentOptional. The level of write concern for themodification. The writeConcern document takes the samefields as the getLastError command.
In the roles field, you can specify bothbuilt-in roles and user-definedroles.
To specify a role that exists in the same database wheregrantRolesToUser runs, you can either specify the role with the name ofthe role:
- "readWrite"
Or you can specify the role with a document, as in:
- { role: "<role>", db: "<database>" }
To specify a role that exists in a different database, specify the rolewith a document.
Required Access
You must have the grantRoleaction on a database to grant a role on that database.
Example
Given a user accountUser01 in the products database with the followingroles:
- "roles" : [
- { "role" : "assetsReader",
- "db" : "assets"
- }
- ]
The following grantRolesToUser operation gives accountUser01 theread role on the stock database and thereadWrite role on the products database.
- use products
- db.runCommand( { grantRolesToUser: "accountUser01",
- roles: [
- { role: "read", db: "stock"},
- "readWrite"
- ],
- writeConcern: { w: "majority" , wtimeout: 2000 }
- } )
The user accountUser01 in the products database now has the followingroles:
- "roles" : [
- { "role" : "assetsReader",
- "db" : "assets"
- },
- { "role" : "read",
- "db" : "stock"
- },
- { "role" : "readWrite",
- "db" : "products"
- }
- ]
