grantRolesToUser
Definition
Syntax
The grantRolesToUser
command uses the following syntax:
db.runCommand( { grantRolesToUser: "<user>", roles: [ <roles> ], writeConcern: { <write concern> }, comment: <any> } )
Command Fields
The command takes the following fields:
Field | Type | Description |
---|---|---|
grantRolesToUser | string | The name of the user to give additional roles. |
roles | array | An array of additional roles to grant to the user. |
writeConcern | document | Optional. The level of write concern for the operation. See Write Concern Specification. |
comment | any | Optional. A user-provided comment to attach to this command. Once set, this comment appears alongside records of this command in the following locations:
A comment can be any valid BSON type (string, integer, object, array, etc). New in version 4.4. |
In the roles
field, you can specify both
built-in roles and user-defined
roles.
To specify a role that exists in the same database where
grantRolesToUser
runs, you can either specify the role with the name of
the role:
"readWrite"
Or you can specify the role with a document, as in:
{ role: "<role>", db: "<database>" }
To specify a role that exists in a different database, specify the role with a document.
Required Access
You must have the grantRole
action on a database to grant a role on that database.
Example
Given a user accountUser01
in the products
database with the following
roles:
"roles" : [ { "role" : "assetsReader", "db" : "assets" } ]
The following grantRolesToUser
operation gives accountUser01
the
read
role on the stock
database and the
readWrite
role on the products
database.
use products db.runCommand( { grantRolesToUser: "accountUser01", roles: [ { role: "read", db: "stock"}, "readWrite" ], writeConcern: { w: "majority" , wtimeout: 2000 } } )
The user accountUser01
in the products
database now has the following
roles:
"roles" : [ { "role" : "assetsReader", "db" : "assets" }, { "role" : "read", "db" : "stock" }, { "role" : "readWrite", "db" : "products" } ]