db.revokeRolesFromUser()

Definition

  • db.revokeRolesFromUser()
  • Removes a one or more roles from a user on the currentdatabase. The db.revokeRolesFromUser() method uses thefollowing syntax:
  1. db.revokeRolesFromUser( "<username>", [ <roles> ], { <writeConcern> } )

The revokeRolesFromUser method takes the following arguments:

ParameterTypeDescriptionuserstringThe name of the user from whom to revoke roles.rolesarrayThe roles to remove from the user.writeConcerndocumentOptional. The level of write concern for themodification. The writeConcern document takes the samefields as the getLastError command.

In the roles field, you can specify bothbuilt-in roles and user-definedroles.

To specify a role that exists in the same database wheredb.revokeRolesFromUser() runs, you can either specify the role with the name ofthe role:

  1. "readWrite"

Or you can specify the role with a document, as in:

  1. { role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the rolewith a document.

The db.revokeRolesFromUser() method wraps therevokeRolesFromUser command.

Behavior

Replica set

If run on a replica set, db.revokeRolesFromUser() is executed using majority write concern by default.

Required Access

You must have the revokeRoleaction on a database to revoke a role on that database.

Example

The accountUser01 user in the products database has the followingroles:

  1. "roles" : [
  2.     { "role" : "assetsReader",
  3.       "db" : "assets"
  4.     },
  5.     { "role" : "read",
  6.       "db" : "stock"
  7.     },
  8.     { "role" : "readWrite",
  9.       "db" : "products"
  10.     }
  11. ]

The following db.revokeRolesFromUser() method removes the two ofthe user’s roles: the read role on the stock database andthe readWrite role on the products database, which is alsothe database on which the method runs:

  1. use products
  2. db.revokeRolesFromUser( "accountUser01",
  3.                         [ { role: "read", db: "stock" }, "readWrite" ],
  4.                         { w: "majority" }
  5.                       )

The user accountUser01 user in the products database now has onlyone remaining role:

  1. "roles" : [
  2.     { "role" : "assetsReader",
  3.       "db" : "assets"
  4.     }
  5. ]