db.grantRolesToUser()
Definition
The grantRolesToUser
method uses the following syntax:
- db.grantRolesToUser( "<username>", [ <roles> ], { <writeConcern> } )
The grantRolesToUser
method takes the following arguments:
ParameterTypeDescriptionuser
stringThe name of the user to whom to grant roles.roles
arrayAn array of additional roles to grant to the user.writeConcern
documentOptional. The level of write concern for themodification. The writeConcern
document takes the samefields as the getLastError
command.
In the roles
field, you can specify bothbuilt-in roles and user-definedroles.
To specify a role that exists in the same database wheredb.grantRolesToUser()
runs, you can either specify the role with the name ofthe role:
- "readWrite"
Or you can specify the role with a document, as in:
- { role: "<role>", db: "<database>" }
To specify a role that exists in a different database, specify the rolewith a document.
The db.grantRolesToUser()
method wraps thegrantRolesToUser
command.
Behavior
Replica set
If run on a replica set, db.grantRolesToUser()
is executed using majority
write concern by default.
Required Access
You must have the grantRole
action on a database to grant a role on that database.
Example
Given a user accountUser01
in the products
database with the followingroles:
- "roles" : [
- { "role" : "assetsReader",
- "db" : "assets"
- }
- ]
The following grantRolesToUser()
operation gives accountUser01
the readWrite
role on the products
database and theread
role on the stock
database.
- use products
- db.grantRolesToUser(
- "accountUser01",
- [ "readWrite" , { role: "read", db: "stock" } ],
- { w: "majority" , wtimeout: 4000 }
- )
The user accountUser01
in the products
database now has the followingroles:
- "roles" : [
- { "role" : "assetsReader",
- "db" : "assets"
- },
- { "role" : "read",
- "db" : "stock"
- },
- { "role" : "readWrite",
- "db" : "products"
- }
- ]