Docs Menu

Docs HomeDevelop ApplicationsMongoDB Manual

db.revokeRolesFromUser()

On this page

  • Definition
  • Behavior
  • Required Access
  • Example

Definition

db.revokeRolesFromUser()

Removes a one or more roles from a user on the current database. The db.revokeRolesFromUser() method uses the following syntax:

db.revokeRolesFromUser( "<username>", [ <roles> ], { <writeConcern> } )

The db.revokeRolesFromUser() method takes the following arguments:

Parameter
Type
Description
user
string
The name of the user from whom to revoke roles.
roles
array
The roles to remove from the user.
writeConcern
document
Optional. The level of write concern for the modification. The writeConcern document takes the same fields as the getLastError command.

In the roles field, you can specify both built-in roles and user-defined roles.

To specify a role that exists in the same database where db.revokeRolesFromUser() runs, you can either specify the role with the name of the role:

"readWrite"

Or you can specify the role with a document, as in:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.

The db.revokeRolesFromUser() method wraps the revokeRolesFromUser command.

Behavior

Replica set

If run on a replica set, db.revokeRolesFromUser() is executed using "majority" write concern by default.

Required Access

You must have the revokeRole action on a database to revoke a role on that database.

Example

The accountUser01 user in the products database has the following roles:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    },
    { "role" : "read",
      "db" : "stock"
    },
    { "role" : "readWrite",
      "db" : "products"
    }
]

The following db.revokeRolesFromUser() method removes the two of the user's roles: the read role on the stock database and the readWrite role on the products database, which is also the database on which the method runs:

use products
db.revokeRolesFromUser( "accountUser01",
                        [ { role: "read", db: "stock" }, "readWrite" ],
                        { w: "majority" }
                      )

The user accountUser01 user in the products database now has only one remaining role:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    }
]
← db.removeUser()
db.updateUser() →

On this page