MongoDB: db.grantPrivilegesToRole() method
db.grantPrivilegesToRole()
The db.grantPrivilegesToRole() method is used to assign additional privileges to a user-defined role.
Syntax:
db.grantPrivilegesToRole(
"< rolename >",
[
{ resource: { <resource> }, actions: [ "<action>", ... ] },
...
],
{ < writeConcern > }
)
Parameters:
| Name | Description | Required / Optional |
Type |
|---|---|---|---|
| rolename | The name of the role to grant privileges to. | Required | String |
| privileges | The privileges to add to the role. For the format of a privilege. | Required | array |
| writeConcern | The level of write concern for the modification. The writeConcern document takes the same fields as the getLastError command. | Optional | document |
The grantPrivilegesToRole() method can grant one or more privileges. Each <privilege>has the following syntax:
{ resource: { <resource> }, actions: [ "<action>", ... ] }
The db.grantPrivilegesToRole() method wraps the grantPrivilegesToRole command.
Example: MongoDB: db.grantPrivilegesToRole() method
The following db.grantPrivilegesToRole() operation grants two additional privileges to the myroll1, which exists on the admin database. The operation is run on that database:
use admin
db.grantPrivilegesToRole(
"myroll1",
[
{
resource: { db: "config", collection: "" },
actions: [ "insert" ]
},
{
resource: { db: "admin", collection: "system.js" },
actions: [ "find" ]
}
],
{ w: "majority" }
);
Output:
> db.getRole( "myroll1", { showPrivileges: true } );
{
"role" : "myroll1",
"db" : "admin",
"isBuiltin" : false,
"roles" : [
{
"role" : "read",
"db" : "admin"
}
],
"inheritedRoles" : [
{
"role" : "read",
"db" : "admin"
}
],
"privileges" : [
{
"resource" : {
"db" : "config",
"collection" : " "
},
"actions" : [
"createCollection",
"createIndex",
"update"
]
},
{
"resource" : {
"db" : "config",
"collection" : ""
},
"actions" : [
"insert"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.js"
},
"actions" : [
"find"
]
}
],
"inheritedPrivileges" : [
{
"resource" : {
"db" : "config",
"collection" : " "
},
"actions" : [
"createCollection",
"createIndex",
"update"
]
},
{
"resource" : {
"db" : "config",
"collection" : ""
},
"actions" : [
"insert"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.js"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : ""
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.indexes"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.namespaces"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
}
]
}
Retrieve the restaurants data from here
Previous:
db.dropAllRoles() method
Next:
db.revokeRolesFromRole() method