Database Manual / Reference / Database Commands / User Management

grantRolesToUser (database command数据库命令)

Definition定义

grantRolesToUser

Grants additional roles to a user.向用户授予其他角色。

Tip

In mongosh, this command can also be run through the db.grantRolesToUser() helper method.mongosh中,此命令也可以通过db.grantRolesToUser()辅助方法运行。

Helper methods are convenient for mongosh users, but they may not return the same level of information as database commands. 助手方法对mongosh用户来说很方便,但它们可能不会返回与数据库命令相同级别的信息。In cases where the convenience is not needed or the additional return fields are required, use the database command.如果不需要便利性或需要额外的返回字段,请使用database命令。

Compatibility兼容性

This command is available in deployments hosted in the following environments:此命令在以下环境中托管的部署中可用:

  • MongoDB Enterprise: The subscription-based, self-managed version of MongoDB:MongoDB的基于订阅的自我管理版本
  • MongoDB Community: The source-available, free-to-use, and self-managed version of MongoDB:MongoDB的源代码可用、免费使用和自我管理版本

Important

This command is not supported in MongoDB Atlas clusters. MongoDB Atlas集群不支持此命令。For information on Atlas support for all commands, see Unsupported Commands.有关Atlas支持所有命令的信息,请参阅不支持的命令

Syntax语法

The grantRolesToUser command uses the following syntax:grantRolesToUser命令使用以下语法:

db.runCommand(
   {
     grantRolesToUser: "<user>",
     roles: [ <roles> ],
     writeConcern: { <write concern> },
     comment: <any>
   }
)

Command Fields命令字段

The command takes the following fields:该命令包含以下字段:

Field字段Type类型Description描述
grantRolesToUserstring字符串The name of the user to give additional roles.要赋予其他角色的用户名。
rolesarray数组An array of additional roles to grant to the user.要授予用户的一系列其他角色。
writeConcerndocument文档Optional. 可选。The level of write concern for the operation. 操作的写入关注级别。See Write Concern Specification.请参阅写入关注规范
commentany任意

Optional. 可选。A user-provided comment to attach to this command. Once set, this comment appears alongside records of this command in the following locations:用户提供了要附加到此命令的注释。设置后,此注释将与此命令的记录一起出现在以下位置:

A comment can be any valid BSON type (string, integer, object, array, etc).注释可以是任何有效的BSON类型(字符串、整数、对象、数组等)。

In the roles field, you can specify both built-in roles and user-defined roles.roles字段中,您可以指定内置角色和built-in roles and 用户定义的角色

To specify a role that exists in the same database where grantRolesToUser runs, you can either specify the role with the name of the role:要指定存在于运行grantRolesToUser的同一数据库中的角色,您可以使用角色的名称指定角色:

"readWrite"

Or you can specify the role with a document, as in:或者,您可以在文档中指定角色,如:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.若要指定存在于其他数据库中的角色,请使用文档指定该角色。

Required Access所需访问权限

You must have the grantRole action on a database to grant a role on that database.您必须对数据库执行grantRole操作,才能在该数据库上授予角色。

Example示例

Given a user accountUser01 in the products database with the following roles:给定products数据库中具有以下角色的用户accountUser01

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    }
]

The following grantRolesToUser operation gives accountUser01 the read role on the stock database and the readWrite role on the products database.以下grantRolesToUser操作为accountUser01提供了stock数据库上的read角色和products数据库上的readWrite角色。

use products
db.runCommand( { grantRolesToUser: "accountUser01",
                 roles: [
                    { role: "read", db: "stock"},
                    "readWrite"
                 ],
                 writeConcern: { w: "majority" , wtimeout: 2000 }
             } )

The user accountUser01 in the products database now has the following roles:products数据库中的用户accountUser01现在具有以下角色:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    },
    { "role" : "read",
      "db" : "stock"
    },
    { "role" : "readWrite",
      "db" : "products"
    }
]