/
grantRolesToRole.txt
109 lines (68 loc) · 2.29 KB
/
grantRolesToRole.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
================
grantRolesToRole
================
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
Definition
----------
.. dbcommand:: grantRolesToRole
Grants roles to a :ref:`user-defined role <user-defined-roles>`.
The :dbcommand:`grantRolesToRole` command affects roles on the
database where the command runs. :dbcommand:`grantRolesToRole` has
the following syntax:
.. code-block:: javascript
{ grantRolesToRole: "<role>",
roles: [
{ role: "<role>", db: "<database>" },
...
],
writeConcern: { <write concern> }
}
The :dbcommand:`grantRolesToRole` command has the following fields:
.. list-table::
:header-rows: 1
:widths: 20 20 80
* - Field
- Type
- Description
* - ``grantRolesToRole``
- string
- The name of a role to add subsidiary roles.
* - ``roles``
- array
- An array of roles from which to inherit.
* - ``writeConcern``
- document
- Optional. The level of :doc:`write concern </reference/write-concern>` for the
modification. The ``writeConcern`` document takes the same
fields as the :dbcommand:`getLastError` command.
.. |local-cmd-name| replace:: :dbcommand:`grantRolesToRole`
.. include:: /includes/fact-roles-array-contents.rst
Behavior
--------
A role can inherit privileges from other roles in its database. A role
created on the ``admin`` database can inherit privileges from roles in
any database.
Required Access
---------------
.. include:: /includes/access-grant-roles.rst
Example
-------
The following :dbcommand:`grantRolesToRole` command updates the
``productsReaderWriter`` role in the ``products`` database to :ref:`inherit
<inheritance>` the :ref:`privileges <privileges>` of the ``productsReader``
role in the ``products`` database:
.. code-block:: javascript
use products
db.runCommand(
{ grantRolesToRole: "productsReaderWriter",
roles: [
"productsReader"
],
writeConcern: { w: "majority" , wtimeout: 5000 }
}
)