db.grantPrivilegesToRole()
Definition
db.grantPrivilegesToRole(rolename, privileges, writeConcern)
Grants additional privileges to a user-defined role.
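Important
mongosh Method
This page documents a mongosh method. This is not the documentation for database commands or language-specific drivers, such as Node.js. For the database command, see the grantPrivilegesToRole command. For MongoDB API drivers, refer to the language-specific MongoDB driver documentation.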
The db.grantPrivilegesToRole() method uses the following syntax:

    db.grantPrivilegesToRole(
        "<rolename>",
        [
            { resource: { <resource> }, actions: [ "<action>", ... ] },
            ...
        ],
        { <writeConcern> }
    )

The db.grantPrivilegesToRole() method accepts the following parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| rolename | string | The name of the role to grant privileges to. |
| privileges | array | The privileges to add to the role. For the format of a privilege, see privileges. |
| writeConcern | document | |
The db.grantPrivilegesToRole() method can grant one or more privileges. Each <privilege> has the following syntax:

    { resource: { <resource> }, actions: [ "<action>", ... ] }
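Compatibility
This method is available in deployments hosted in the following environments:
Important
This command is not supported in MongoDB Atlas clusters. For information on Atlas support for all commands, see Unsupported Commands.
MongoDB Enterprise: The subscription-based, self-managed version of MongoDB
MongoDB Community: The source-available, free-to-use, and self-managed version of MongoDB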
Behavior
Replica set
If run on a replica set, db.grantPrivilegesToRole() is executed using "majority" write concern by default.
Scope
Except for roles created in the admin database, a role can only include privileges that apply to its database. A role created in the admin database can include privileges that apply to the admin database, other databases or to the cluster resource.
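Required Access
You must have the grantRole action on the database a privilege targets in order to grant the privilege. To grant a privilege on multiple databases or on the cluster resource, you must have the grantRole action on the admin database.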
Example
The following db.grantPrivilegesToRole() operation grants two additional privileges to the role inventoryCntrl01, which exists on the products database. The operation is run on that database:

    use products
    db.grantPrivilegesToRole(
        "inventoryCntrl01",
        [
            {
                resource: { db: "products", collection: "" },
                actions: [ "insert" ]
            },
            {
                resource: { db: "products", collection: "system.js" },
                actions: [ "find" ]
            }
        ],
        { w: "majority" }
    )

The first privilege permits users with this role to perform the insert action on all collections of the products database, except the system collections. To access a system collection, a privilege must explicitly specify the system collection in the resource document, as in the second privilege.
The second privilege permits users with this role to perform the find action on the products database's system collection named system.js.
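
The Scope and Required Access rules on this page can be checked against a privileges array before the grant is issued. The following is an added example, not part of the MongoDB documentation: reviewGrant() is a hypothetical helper, the second input is constructed, and the helper reads "multiple databases" as an array that targets more than one database.

```javascript
// Added example: pre-flight review of a privileges array. Plain JavaScript, no
// database connection needed. reviewGrant() is a hypothetical helper name.
function reviewGrant(roleDb, privileges) {
  const outOfScope = [];      // indexes the role cannot hold (Scope rule)
  const notes = [];           // wildcard and system-collection observations
  const targets = new Set();  // databases (or the cluster) the array touches
  privileges.forEach((p, i) => {
    const r = p.resource || {};
    const acts = (p.actions || []).join(",");
    if (r.cluster === true) {
      targets.add("<cluster>");
      if (roleDb !== "admin") outOfScope.push(i);
    } else if (typeof r.db === "string" && typeof r.collection === "string") {
      targets.add(r.db);
      if (roleDb !== "admin" && r.db !== roleDb) outOfScope.push(i);
      if (r.collection === "") {
        notes.push(`#${i}: ${acts} on all non-system collections of ${r.db}`);
      } else if (r.collection.startsWith("system.")) {
        notes.push(`#${i}: ${acts} on system collection ${r.db}.${r.collection}`);
      }
    } else {
      // Resource shapes this page does not describe are left for manual review.
      notes.push(`#${i}: unrecognized resource, review manually`);
    }
  });
  // Required access: grantRole on the target database, or on admin when the
  // array spans several databases or the cluster resource. Assumption: an
  // empty db name (every database) is treated as multi-database.
  const needsAdmin = targets.size > 1 || targets.has("<cluster>") || targets.has("");
  const grantRoleOn = needsAdmin ? "admin" : [...targets][0] ?? null;
  return { outOfScope, grantRoleOn, notes };
}

// The privileges from the example on this page.
const pagePrivileges = [
  { resource: { db: "products", collection: "" }, actions: ["insert"] },
  { resource: { db: "products", collection: "system.js" }, actions: ["find"] },
];
// Constructed input: one cross-database privilege and one cluster privilege.
const constructed = [
  { resource: { db: "sales", collection: "orders" }, actions: ["find"] },
  { resource: { cluster: true }, actions: ["listDatabases"] },
];

console.log(reviewGrant("products", pagePrivileges));
console.log(reviewGrant("products", constructed));
console.log(reviewGrant("admin", constructed));
```

Running the review as part of change control makes broad grants visible: a `collection: ""` entry shows up as a database-wide privilege, and any entry that would require grantRole on admin is called out before it reaches the server.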