db.grantRolesToUser()¶

On this page

Definition¶

db.grantRolesToUser(username, roles, writeConcern)¶

Grants additional roles to a user.

The grantRolesToUser method uses the following syntax:

db.grantRolesToUser( "<username>", [ <roles> ], { <writeConcern> } )

The grantRolesToUser method takes the following arguments:

Parameter	Type	Description
`user`	string	The name of the user to whom to grant roles.
`roles`	array	An array of additional roles to grant to the user.
`writeConcern`	document	Optional. The level of write concern for the modification. The `writeConcern` document takes the same fields as the `getLastError` command.

In the roles field, you can specify both built-in roles and user-defined role.

To specify a role that exists in the same database where db.grantRolesToUser() runs, you can either specify the role with the name of the role:

"readWrite"

Or you can specify the role with a document, as in:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.

The db.grantRolesToUser() method wraps the grantRolesToUser command.

Required Access¶

You must have the grantRole action on a database to grant a role on that database.

Example¶

Given a user accountUser01 in the products database with the following roles:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    }
]

The following grantRolesToUser() operation gives accountUser01 the readWrite role on the products database and the read role on the stock database.

use products
db.grantRolesToUser(
   "accountUser01",
   [ "readWrite" , { role: "read", db: "stock" } ],
   { w: "majority" , wtimeout: 4000 }
)

The user accountUser01 in the products database now has the following roles:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    },
    { "role" : "read",
      "db" : "stock"
    },
    { "role" : "readWrite",
      "db" : "products"
    }
]

← db.getUsers() db.removeUser() →