grantPrivilegesToRole

~~On this page~~本页内容

~~Definition~~定义
~~Behavior~~行为
~~Required Access~~所需访问权限
~~Example~~示例

Definition定义

grantPrivilegesToRole

~~Assigns additional privileges to a user-defined role defined on the database on which the command is run.~~ 为在运行命令的数据库上定义的用户定义角色分配其他权限。~~The grantPrivilegesToRole command uses the following syntax:~~grantPrivilegesToRole命令使用以下语法：

{
  grantPrivilegesToRole: "<role>",
  privileges: [
      {
        resource: { <resource> }, actions: [ "<action>", ... ]
      },
      ...
  ],
  writeConcern: { <write concern> },
  comment: <any>
}

~~The grantPrivilegesToRole command has the following fields:~~grantPrivilegesToRole命令具有以下字段：

~~Field~~字段	~~Type~~类型	~~Description~~描述
`grantPrivilegesToRole`	string	~~The name of the user-defined role to grant privileges to.~~要授予权限的用户定义角色的名称。
`privileges`	array	~~The privileges to add to the role.~~ 要添加到角色的权限。~~For the format of a privilege, see `privileges`.~~ 有关权限的格式，请参阅`privileges`。
`writeConcern`	document	~~Optional.~~ 可选。~~The level of write concern for the operation. See Write Concern Specification.~~操作的写入关注级别。请参阅写入关注规范。
`comment`	any	~~Optional.~~ 可选。~~A user-provided comment to attach to this command.~~ 用户提供了附加到此命令的注释。~~Once set, this comment appears alongside records of this command in the following locations:~~设置后，此注释将与此命令的记录一起显示在以下位置： ~~mongod log messages, in the `attr.command.cursor.comment` field.~~`mongod`日志消息，在`attr.command.cursor.comment`字段中。 ~~Database profiler output, in the `command.comment` field.~~数据库探查器输出，在`command.comment`字段中。 ~~`currentOp` output, in the `command.comment` field.~~`currentOp`输出，在`command.comment`字段中。 ~~A comment can be any valid BSON type(string, integer, object, array, etc).~~注释可以是任何有效的BSON类型（字符串、整数、对象、数组等）。 New in version 4.4.在版本4.4中新增。

Behavior行为

~~A role's privileges apply to the database where the role is created.~~ 角色的权限应用于创建角色的数据库。~~A role created on the admin database can include privileges that apply to all databases or to the cluster.~~在admin数据库上创建的角色可以包括应用于所有数据库或集群的权限。

~~Required Access~~所需访问权限

~~You must have the grantRole action on the database a privilege targets in order to grant the privilege.~~ 您必须将数据库上的grantRole操作作为权限目标，才能授予权限。~~To grant a privilege on multiple databases or on the cluster resource, you must have the grantRole action on the admin database.~~要在多个数据库或cluster资源上授予权限，必须对管理数据库执行grantRole操作。

Example示例

~~The following grantPrivilegesToRole command grants two additional privileges to the service role that exists in the products database:~~以下grantPrivilegesToRole命令向products数据库中存在的service角色授予两个附加权限：

use products
db.runCommand(
   {
     grantPrivilegesToRole: "service",
     privileges: [
         {
           resource: { db: "products", collection: "" }, actions: [ "find" ]
         },
         {
           resource: { db: "products", collection: "system.js" }, actions: [ "find" ]
         }
     ],
     writeConcern: { w: "majority" , wtimeout: 5000 }
   }
)

~~The first privilege in the privileges array allows the user to search on all non-system collections in the products database.~~ privileges数组中的第一个权限允许用户搜索products数据库中的所有非系统集合。~~The privilege does not allow queries on system collections, such as the system.js collection.~~ 该权限不允许查询系统集合，例如system.js集合。~~To grant access to these system collections, explicitly provision access in the privileges array. See Resource Document.~~要授予对这些系统集合的访问权限，请在privileges数组中显式设置访问权限。请参阅资源文档。

~~The second privilege explicitly allows the find action on system.js collections on all databases.~~第二个权限明确允许对所有数据库上的system.js集合执行find操作。

← dropAllRolesFromDatabase grantRolesToRole →