db.revokeRolesFromUser()

On this page

Definition
Behavior
Required Access
Example

Definition

db.revokeRolesFromUser()

Removes one or more roles from a user on the current database.

Important

mongosh Method

This page documents a mongosh method. This is not the documentation for database commands or language-specific drivers, such as Node.js.

For the database command, see the revokeRolesFromUser command.

For MongoDB API drivers, refer to the language-specific MongoDB driver documentation.

For the legacy mongo shell documentation, refer to the documentation for the corresponding MongoDB Server release:

The db.revokeRolesFromUser() method uses the following syntax:

db.revokeRolesFromUser( "<username>", [ <roles> ], { <writeConcern> } )

The db.revokeRolesFromUser() method takes the following arguments:

Parameter	Type	Description
`user`	string	The name of the user from whom to revoke roles.
`roles`	array	The roles to remove from the user.
`writeConcern`	document	Optional. The level of write concern for the operation. See Write Concern Specification.

In the roles field, you can specify both built-in roles and user-defined roles.

To specify a role that exists in the same database where db.revokeRolesFromUser() runs, you can either specify the role with the name of the role:

"readWrite"

Or you can specify the role with a document, as in:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.

The db.revokeRolesFromUser() method wraps the revokeRolesFromUser command.

Behavior

Replica set

If run on a replica set, db.revokeRolesFromUser() is executed using "majority" write concern by default.

Required Access

You must have the revokeRole action on a database to revoke a role on that database.

Example

The accountUser01 user in the products database has the following roles:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    },
    { "role" : "read",
      "db" : "stock"
    },
    { "role" : "readWrite",
      "db" : "products"
    }
]

The following db.revokeRolesFromUser() method removes the two of the user's roles: the read role on the stock database and the readWrite role on the products database, which is also the database on which the method runs:

use products
db.revokeRolesFromUser( "accountUser01",
                        [ { role: "read", db: "stock" }, "readWrite" ],
                        { w: "majority" }
                      )

The user accountUser01 user in the products database now has only one remaining role:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    }
]

← db.removeUser()db.updateUser() →