grantRolesToUser
Definition
The grantRolesToUser
command uses the following syntax:
- { grantRolesToUser: "<user>",
- roles: [ <roles> ],
- writeConcern: { <write concern> }
- }
The command has the following fields:
FieldTypeDescriptiongrantRolesToUser
stringThe name of the user to give additional roles.roles
arrayAn array of additional roles to grant to the user.writeConcern
documentOptional. The level of write concern for themodification. The writeConcern
document takes the samefields as the getLastError
command.
In the roles
field, you can specify bothbuilt-in roles and user-definedroles.
To specify a role that exists in the same database wheregrantRolesToUser
runs, you can either specify the role with the name ofthe role:
- "readWrite"
Or you can specify the role with a document, as in:
- { role: "<role>", db: "<database>" }
To specify a role that exists in a different database, specify the rolewith a document.
Required Access
You must have the grantRole
action on a database to grant a role on that database.
Example
Given a user accountUser01
in the products
database with the followingroles:
- "roles" : [
- { "role" : "assetsReader",
- "db" : "assets"
- }
- ]
The following grantRolesToUser
operation gives accountUser01
theread
role on the stock
database and thereadWrite
role on the products
database.
- use products
- db.runCommand( { grantRolesToUser: "accountUser01",
- roles: [
- { role: "read", db: "stock"},
- "readWrite"
- ],
- writeConcern: { w: "majority" , wtimeout: 2000 }
- } )
The user accountUser01
in the products
database now has the followingroles:
- "roles" : [
- { "role" : "assetsReader",
- "db" : "assets"
- },
- { "role" : "read",
- "db" : "stock"
- },
- { "role" : "readWrite",
- "db" : "products"
- }
- ]