db.revokePrivilegesFromRole()
Definition
db.revokePrivilegesFromRole(rolename, privileges, writeConcern)
Removes the specified privileges from the user-defined role on the database where the method runs.

Important: mongosh Method

This page documents a mongosh method. This is not the documentation for database commands or language-specific drivers, such as Node.js.

For the database command, see the revokePrivilegesFromRole command.

For MongoDB API drivers, refer to the language-specific MongoDB driver documentation.

For the legacy mongo shell documentation, refer to the documentation for the corresponding MongoDB Server release.

The db.revokePrivilegesFromRole() method has the following syntax:

db.revokePrivilegesFromRole(
   "<rolename>",
   [
      { resource: { <resource> }, actions: [ "<action>", ... ] },
      ...
   ],
   { <writeConcern> }
)

The db.revokePrivilegesFromRole() method takes the following arguments:

| Parameter | Type | Description |
| --- | --- | --- |
| rolename | string | The name of the user-defined role from which to revoke privileges. |
| privileges | array | An array of privileges to remove from the role. See privileges for more information on the format of the privileges. |
| writeConcern | document | Optional. The level of write concern for the operation. See Write Concern Specification. |

Behavior

Replica set

If run on a replica set, db.revokePrivilegesFromRole() is executed using "majority" write concern by default.

Scope

To revoke a privilege, the resource document pattern must match exactly the resource field of that privilege. The actions field can be a subset or match exactly.

For example, given the role accountRole in the products database with the following privilege that specifies the products database as the resource:

{
   "resource" : {
      "db" : "products",
      "collection" : ""
   },
   "actions" : [
      "find",
      "update"
   ]
}

You cannot revoke find and/or update from just one collection in the products database. The following operations result in no change to the role:

use products
db.revokePrivilegesFromRole(
   "accountRole",
   [
      {
         resource : {
            db : "products",
            collection : "gadgets"
         },
         actions : [
            "find",
            "update"
         ]
      }
   ]
)

db.revokePrivilegesFromRole(
   "accountRole",
   [
      {
         resource : {
            db : "products",
            collection : "gadgets"
         },
         actions : [
            "find"
         ]
      }
   ]
)

To revoke the "find" and/or the "update" action from the role accountRole, you must match the resource document exactly. For example, the following operation revokes just the "find" action from the existing privilege.

use products
db.revokePrivilegesFromRole(
   "accountRole",
   [
      {
         resource : {
            db : "products",
            collection : ""
         },
         actions : [
            "find"
         ]
      }
   ]
)
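
Because a revoke whose resource document does not match leaves the role unchanged, it helps to check a planned revoke against the role's current privileges before relying on it. The following is an added example, not part of the MongoDB documentation: it models the matching rule described above in plain JavaScript. The names planRevoke, sameResource and accountRolePrivileges are made up for this example, and the sample privilege is constructed from the accountRole privilege shown earlier.

```javascript
// Added example: a model of the matching rule in the Scope section, not MongoDB code.
// Assumption: a resource "matches exactly" when both documents have the same
// fields with the same values; requested actions may be a subset.
function sameResource(a, b) {
  const ka = Object.keys(a).sort();
  const kb = Object.keys(b).sort();
  return ka.length === kb.length && ka.every((k, i) => k === kb[i] && a[k] === b[k]);
}

// current:   privileges the role holds now
// requested: the array you intend to pass to db.revokePrivilegesFromRole()
// Returns what would remain, plus requested entries that would change nothing.
function planRevoke(current, requested) {
  const remaining = current.map(p => ({ resource: { ...p.resource }, actions: [...p.actions] }));
  const unmatched = [];
  for (const req of requested) {
    const target = remaining.find(p => sameResource(p.resource, req.resource));
    const hits = target ? req.actions.filter(a => target.actions.includes(a)) : [];
    if (hits.length === 0) {
      unmatched.push(req); // no exact resource match, or none of the actions held
      continue;
    }
    target.actions = target.actions.filter(a => !hits.includes(a));
  }
  return { remaining: remaining.filter(p => p.actions.length > 0), unmatched };
}

// Constructed sample: the accountRole privilege shown above.
const accountRolePrivileges = [
  { resource: { db: "products", collection: "" }, actions: ["find", "update"] }
];

// Revoke scoped to one collection: the resource differs, so nothing changes.
const narrow = planRevoke(accountRolePrivileges, [
  { resource: { db: "products", collection: "gadgets" }, actions: ["find"] }
]);
console.log(narrow.unmatched.length, JSON.stringify(narrow.remaining));

// Revoke with the exact resource document: only "find" is removed.
const exact = planRevoke(accountRolePrivileges, [
  { resource: { db: "products", collection: "" }, actions: ["find"] }
]);
console.log(exact.unmatched.length, JSON.stringify(exact.remaining));
```

In mongosh, the role's current privileges can be read with db.getRole("accountRole", { showPrivileges: true }).privileges and compared again after the revoke.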

Required Access

You must have the revokeRole action on the database a privilege targets in order to revoke that privilege. If the privilege targets multiple databases or the cluster resource, you must have the revokeRole action on the admin database.

Example

The following operation removes multiple privileges from the associates role:

db.revokePrivilegesFromRole(
   "associate",
   [
      {
         resource: { db: "products", collection: "" },
         actions: [ "createCollection", "createIndex", "find" ]
      },
      {
         resource: { db: "products", collection: "orders" },
         actions: [ "insert" ]
      }
   ],
   { w: "majority" }
)