grantRolesToUser¶

On this page

Definition¶

grantRolesToUser¶

Grants additional roles to a user.

The grantRolesToUser command uses the following syntax:

{ grantRolesToUser: "<user>",
  roles: [ <roles> ],
  writeConcern: { <write concern> }
}

The command has the following fields:

Field	Type	Description
`grantRolesToUser`	string	The name of the user to give additional roles.
`roles`	array	An array of additional roles to grant to the user.
`writeConcern`	document	Optional. The level of write concern for the modification. The `writeConcern` document takes the same fields as the `getLastError` command.

In the roles field, you can specify both built-in roles and user-defined role.

To specify a role that exists in the same database where grantRolesToUser runs, you can either specify the role with the name of the role:

"readWrite"

Or you can specify the role with a document, as in:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.

Required Access¶

You must have the grantRole action on a database to grant a role on that database.

Example¶

Given a user accountUser01 in the products database with the following roles:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    }
]

The following grantRolesToUser operation gives accountUser01 the read role on the stock database and the readWrite role on the products database.

use products
db.runCommand( { grantRolesToUser: "accountUser01",
                 roles: [
                    { role: "read", db: "stock"},
                    "readWrite"
                 ],
                 writeConcern: { w: "majority" , wtimeout: 2000 }
             } )

The user accountUser01 in the products database now has the following roles:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    },
    { "role" : "read",
      "db" : "stock"
    },
    { "role" : "readWrite",
      "db" : "products"
    }
]

← dropUser revokeRolesFromUser →