db.grantPrivilegesToRole()

~~On this page~~本页内容

~~Definition~~定义
~~Behavior~~行为
~~Required Access~~所需访问权限
~~Example~~示例

Definition定义

db.grantPrivilegesToRole(rolename, privileges, writeConcern)

~~Grants additional privileges to a user-defined role.~~向用户定义的角色授予其他权限。

~~The db.grantPrivilegesToRole() method uses the following syntax:~~db.grantPrivilegesToRole()方法使用以下语法：

db.grantPrivilegesToRole(
    "< rolename >",
    [
        { resource: { <resource> }, actions: [ "<action>", ... ] },
        ...
    ],
    { < writeConcern > }
)

~~The db.grantPrivilegesToRole() method takes the following arguments:~~db.grantPrivilegesToRole()方法采用以下参数：

~~Parameter~~参数	~~Type~~类型	~~Description~~描述
`rolename`	string	~~The name of the role to grant privileges to.~~要授予权限的角色的名称。
`privileges`	array	~~The privileges to add to the role. For the format of a privilege, see `privileges`.~~要添加到角色的权限。有关权限的格式，请参阅`privileges`。
`writeConcern`	document	~~Optional.~~ 可选。~~The level of write concern for the operation.~~ 操作的写入关注级别。~~See Write Concern Specification.~~请参阅写入关注规范。

~~The db.grantPrivilegesToRole() method can grant one or more privileges.~~ db.grantPrivilegesToRole()方法可以授予一个或多个权限。~~Each <privilege> has the following syntax:~~每个<privilege>都有以下语法：

{ resource: { <resource> }, actions: [ "<action>", ... ] }

~~The db.grantPrivilegesToRole() method wraps the grantPrivilegesToRole command.~~db.grantPrivilegesToRole()方法包装grantPrivilegesToRole命令。

Behavior行为

Replica set副本集

~~If run on a replica set, db.grantPrivilegesToRole() is executed using "majority" write concern by default.~~如果在副本集上运行，默认情况下，db.grantPrivilegesToRole()将使用"majority"写入关注点执行。

Scope作用域

~~Except for roles created in the admin database, a role can only include privileges that apply to its database~~除了在admin数据库中创建的角色之外，角色只能包括应用于其数据库的权限

~~A role created in the admin database can include privileges that apply to the admin database, other databases or to the cluster resource.~~在admin数据库中创建的角色可以包括应用于admin数据库、其他数据库或群集资源的权限。

Required Access所需访问权限

~~You must have the grantRole action on the database a privilege targets in order to grant the privilege.~~ 您必须对权限目标数据库执行grantRole操作才能授予权限。~~To grant a privilege on multiple databases or on the cluster resource, you must have the grantRole action on the admin database.~~要授予对多个数据库或群集资源的权限，必须对admin数据库执行grantRole操作。

Example示例

~~The following db.grantPrivilegesToRole() operation grants two additional privileges to the role inventoryCntrl01, which exists on the products database.~~ 下面的db.grantPrivilegesToRole()操作向存在于products数据库中的角色inventoryCntrl01授予两个额外的权限。~~The operation is run on that database:~~该操作在该数据库上运行：

use products
db.grantPrivilegesToRole(
  "inventoryCntrl01",
  [
    {
      resource: { db: "products", collection: "" },
      actions: [ "insert" ]
    },
    {
      resource: { db: "products", collection: "system.js" },
      actions: [ "find" ]
    }
  ],
  { w: "majority" }
)

~~The first privilege permits users with this role to perform the insert action on all collections of the products database, except the system collections.~~ 第一个权限允许具有此角色的用户对products数据库的所有集合（系统集合除外）执行insert操作。~~To access a system collection, a privilege must explicitly specify the system collection in the resource document, as in the second privilege.~~要访问系统集合，权限必须在资源文档中显式指定系统集合，就像第二个权限一样。

~~The second privilege permits users with this role to perform the find action on the product database's system collection named system.js.~~第二个权限允许具有此角色的用户对名为system.js的product数据库系统集合执行find操作。

← db.getRoles()db.revokePrivilegesFromRole() →