revokeRolesFromUser

Removes one or more roles from a user on the database where the roles exist. The revokeRolesFromUser command uses the following syntax:
The command has the following fields:
| Field | Type | Description |
| --- | --- | --- |
| revokeRolesFromUser | string | The user to remove roles from. |
| roles | array | The roles to remove from the user. |
| writeConcern | document | writeConcern document takes the same fields as the getLastError command. |
| comment | any | A comment can be any valid BSON type (string, integer, object, array, etc). |
In the roles field, you can specify both built-in roles and user-defined roles.
To specify a role that exists in the same database where revokeRolesFromUser runs, you can either specify the role with the name of the role:
Or you can specify the role with a document, as in:
To specify a role that exists in a different database, specify the role with a document.
You must have the revokeRole action on a database to revoke a role on that database.
The accountUser01 user in the products database has the following roles:
The following revokeRolesFromUser command removes two of the user’s roles: the read role on the stock database and the readWrite role on the products database, which is also the database on which the command runs:
The user accountUser01 in the products database now has only one remaining role:
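The two role forms described above (a bare name resolves to the database the command runs on, a document names the database explicitly), as an added example in mongosh-style JavaScript; it is not code from the original page or from MongoDB. The starting role list, the assetsReader role and the helper function names are assumptions made for illustration.

```javascript
// A bare string names a role in the database the command runs on;
// a document { role, db } names a role in any database.
function normalizeRole(spec, currentDb) {
  if (typeof spec === "string" && spec.length > 0) {
    return { role: spec, db: currentDb };
  }
  if (spec && typeof spec.role === "string" && typeof spec.db === "string") {
    return { role: spec.role, db: spec.db };
  }
  throw new TypeError("role must be a name or a { role, db } document");
}

// Build the command document in fully qualified form, so a reviewer can
// see exactly which database each revoked role belongs to.
function buildRevokeCommand(user, roles, currentDb, writeConcern) {
  if (!Array.isArray(roles) || roles.length === 0) {
    throw new RangeError("roles must be a non-empty array");
  }
  const cmd = {
    revokeRolesFromUser: user,
    roles: roles.map((r) => normalizeRole(r, currentDb)),
  };
  if (writeConcern) cmd.writeConcern = writeConcern;
  return cmd;
}

// Offline model of the result: the roles the user should still hold.
function remainingRoles(currentRoles, cmd) {
  const revoked = new Set(cmd.roles.map((r) => `${r.db}.${r.role}`));
  return currentRoles.filter((r) => !revoked.has(`${r.db}.${r.role}`));
}

// Constructed sample state for accountUser01 in the products database
// ("assetsReader" is a hypothetical user-defined role).
const before = [
  { role: "assetsReader", db: "assets" },
  { role: "read", db: "stock" },
  { role: "readWrite", db: "products" },
];
const cmd = buildRevokeCommand(
  "accountUser01",
  [{ role: "read", db: "stock" }, "readWrite"],
  "products",
  { w: "majority" }
);
console.log(JSON.stringify(cmd), remainingRoles(before, cmd));
// In mongosh: db.getSiblingDB("products").runCommand(cmd)
```

After running the command, a usersInfo query for the user confirms that the stored roles match the expected remainder.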