Database Manual / Reference / mongosh Methods / User Management

db.grantRolesToUser() (mongosh method方法)

Definition定义

db.grantRolesToUser(username, roles, writeConcern)

Grants additional roles to a user.向用户授予其他角色。

Important

mongosh Method方法

This page documents a mongosh method. This is not the documentation for database commands or language-specific drivers, such as Node.js.本页记录了一种mongosh方法。这不是数据库命令或特定语言驱动程序(如Node.js)的文档。

For the database command, see the grantRolesToUser command.有关数据库命令,请参阅grantRolesToUser命令。

For MongoDB API drivers, refer to the language-specific MongoDB driver documentation.有关MongoDB API驱动程序,请参阅特定语言的MongoDB驱动程序文档

The db.grantRolesToUser() method uses the following syntax:db.grantRolesToUser()方法使用以下语法:

db.grantRolesToUser( "<username>", [ <roles> ], { <writeConcern> } )

The db.grantRolesToUser() method takes the following arguments:db.grantRolesToUser()方法接受以下参数:

Parameter参数Type类型Description描述
userstring字符串The name of the user to whom to grant roles.要向其授予角色的用户的名称。
rolesarray数组An array of additional roles to grant to the user.要授予用户的一系列其他角色。
writeConcerndocument文档Optional. 可选。The level of write concern for the operation. 操作的写入关注级别。See Write Concern Specification.请参阅写入关注规范

In the roles field, you can specify both built-in roles and user-defined roles.roles字段中,您可以指定内置角色用户定义的角色

To specify a role that exists in the same database where db.grantRolesToUser() runs, you can either specify the role with the name of the role:要指定存在于运行db.grantRolesToUser()的同一数据库中的角色,您可以使用角色的名称指定角色:

"readWrite"

Or you can specify the role with a document, as in:或者,您可以在文档中指定角色,如:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.若要指定存在于其他数据库中的角色,请使用文档指定该角色。

The db.grantRolesToUser() method wraps the grantRolesToUser command.db.grantRolesToUser()方法封装了db.grantRolesToUser()命令。

Compatibility兼容性

This method is available in deployments hosted in the following environments:此方法在以下环境中托管的部署中可用:

Important

This command is not supported in MongoDB Atlas clusters. MongoDB Atlas集群不支持此命令。For information on Atlas support for all commands, see Unsupported Commands.有关Atlas支持所有命令的信息,请参阅不支持的命令

  • MongoDB Enterprise: The subscription-based, self-managed version of MongoDB:MongoDB的基于订阅的自我管理版本
  • MongoDB Community: The source-available, free-to-use, and self-managed version of MongoDB:MongoDB的源代码可用、免费使用和自我管理版本

Behavior行为

Replica set副本集

If run on a replica set, db.grantRolesToUser() is executed using "majority" write concern by default.如果在副本集上运行,默认情况下,db.grantRolesToUser()将使用"majority"写入关注执行。

Required Access所需访问权限

You must have the grantRole action on a database to grant a role on that database.您必须对数据库执行grantRole操作,才能在该数据库上授予角色。

Example示例

Given a user accountUser01 in the products database with the following roles:给定products数据库中具有以下角色的用户accountUser01

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    }
]

The following db.grantRolesToUser() operation gives accountUser01 the readWrite role on the products database and the read role on the stock database.以下db.grantRolesToUser()操作为accountUser01提供了products数据库上的readWrite角色和stock(股票)数据库上的读取角色。

use products
db.grantRolesToUser(
   "accountUser01",
   [ "readWrite" , { role: "read", db: "stock" } ],
   { w: "majority" , wtimeout: 4000 }
)

The user accountUser01 in the products database now has the following roles:products数据库中的用户accountUser01现在具有以下角色:

"roles" : [
    { "role" : "assetsReader",
      "db" : "assets"
    },
    { "role" : "read",
      "db" : "stock"
    },
    { "role" : "readWrite",
      "db" : "products"
    }
]