grantRolesToRole

On this page

Definition

grantRolesToRole

The grantRolesToRole command affects roles on the database where the command runs. grantRolesToRole has the following syntax:

copy

{ grantRolesToRole: "<role>",
  roles: [
             { role: "<role>", db: "<database>" },
             ...
         ],
  writeConcern: { <write concern> }
}

The grantRolesToRole command has the following fields:

Field	Type	Description
`grantRolesToRole`	string	The name of a role to add subsidiary roles.
`roles`	array	An array of roles from which to inherit.
`writeConcern`	document	Optional. The level of write concern for the modification. The `writeConcern` document takes the same fields as the `getLastError` command.

In the roles field, you can specify both built-in roles and user-defined roles.

To specify a role that exists in the same database where grantRolesToRole runs, you can either specify the role with the name of the role:

copy

"readWrite"

Or you can specify the role with a document, as in:

copy

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.

Behavior

A role can inherit privileges from other roles in its database. A role created on the admin database can inherit privileges from roles in any database.

Required Access

You must have the grantRole action on a database to grant a role on that database.

Example

The following grantRolesToRole command updates the productsReaderWriter role in the products database to inherit the privileges of the productsReader role in the products database:

copy

use products
db.runCommand(
   { grantRolesToRole: "productsReaderWriter",
     roles: [
              "productsReader"
     ],
     writeConcern: { w: "majority" , wtimeout: 5000 }
   }
)

Docs

Docs4dev

Title here

grantRolesToRole

Definition

Behavior

Required Access

Example