db.grantPrivilegesToRole()¶

~~On this page~~本页内容

~~Definition~~定义
~~Behavior~~行为
Required Access
~~Example~~示例

Definition定义¶

db.grantPrivilegesToRole(rolename, privileges, writeConcern)¶

~~Grants additional privileges to a user-defined role.~~向用户定义的角色授予其他权限。

~~The grantPrivilegesToRole() method uses the following syntax:~~grantPrivilegesToRole()方法使用以下语法：

db.grantPrivilegesToRole(
    "< rolename >",
    [
        { resource: { <resource> }, actions: [ "<action>", ... ] },
        ...
    ],
    { < writeConcern > }
)

~~The grantPrivilegesToRole() method takes the following arguments:~~grantPrivilegesToRole()方法采用以下参数：

~~Parameter~~参数	~~Type~~类型	~~Description~~描述
`rolename`	string	~~The name of the role to grant privileges to.~~要向其授予权限的角色的名称。
`privileges`	array	~~The privileges to add to the role.~~ 要添加到角色的权限。~~For the format of a privilege, see `privileges`.~~有关权限的格式，请参`privileges`。
`writeConcern`	document	~~Optional.~~可选。~~The level of write concern for the modification.~~ 修改的写入关注级别。~~The `writeConcern` document takes the same fields as the `getLastError` command.~~`writeConcern`文档采用与`getLastError`命令相同的字段。

~~The grantPrivilegesToRole() method can grant one or more privileges.~~ grantPrivilegestRole()方法可以授予一个或多个权限。~~Each <privilege> has the following syntax:~~每个<privilege>语法如下所示：

{ resource: { <resource> }, actions: [ "<action>", ... ] }

~~The db.grantPrivilegesToRole() method wraps the grantPrivilegesToRole command.~~db.grantPrivilegesToRole()方法包装了grantPrivilegesToRole命令。

Behavior行为¶

Replica set复制集¶

~~If run on a replica set, db.grantPrivilegesToRole() is executed using majority write concern by default.~~如果在副本集上运行，默认情况下，db.grantPrivilegesToRole()将使用majority写入关注点执行。

Scope作用域¶

~~Except for roles created in the admin database, a role can only include privileges that apply to its database~~除了在管理数据库中创建的角色外，角色只能包含应用于其数据库的权限

~~A role created in the admin database can include privileges that apply to the admin database, other databases or to the cluster resource.~~在admin数据库中创建的角色可以包括应用于admin数据库、其他数据库或群集资源的权限。

Required Access所需访问权限¶

~~You must have the grantRole action on the database a privilege targets in order to grant the privilege.~~ 为了授予权限，必须对权限目标数据库执行grantRole操作。~~To grant a privilege on multiple databases or on the cluster resource, you must have the grantRole action on the admin database.~~要在多个数据库或群集资源上授予权限，必须对admin数据库执行grantRole操作。

Example示例¶

~~The following db.grantPrivilegesToRole() operation grants two additional privileges to the role inventoryCntrl01, which exists on the products database.~~ 以下db.grantPrivilegesToRole()操作为products数据库中的角色inventoryCntrl01授予两个额外的权限。~~The operation is run on that database:~~该操作在该数据库上运行：

use products
db.grantPrivilegesToRole(
  "inventoryCntrl01",
  [
    {
      resource: { db: "products", collection: "" },
      actions: [ "insert" ]
    },
    {
      resource: { db: "products", collection: "system.js" },
      actions: [ "find" ]
    }
  ],
  { w: "majority" }
)

~~The first privilege permits users with this role to perform the insert action on all collections of the products database, except the system collections.~~ 第一个权限允许具有此角色的用户对products数据库的所有集合（系统集合除外）执行insert操作。~~To access a system collection, a privilege must explicitly specify the system collection in the resource document, as in the second privilege.~~要访问系统集合，权限必须在资源文档中明确指定系统集合，就像在第二个权限中一样。

~~The second privilege permits users with this role to perform the find action on the product database’s system collection named system.js.~~第二个权限允许具有此角色的用户对product数据库名为system.js的系统集合执行find操作。