On this page本页内容
db.revokeRolesFromUser()¶Removes a one or more roles from a user on the current database. The db.revokeRolesFromUser() method uses the following syntax:
The revokeRolesFromUser method takes the following arguments:
user |
string | The name of the user from whom to revoke roles. |
roles |
array | The roles to remove from the user. |
writeConcern |
document | writeConcern document takes the same fields as the getLastError command. |
In the roles field, you can specify both built-in roles and user-defined roles.
To specify a role that exists in the same database where db.revokeRolesFromUser() runs, you can either specify the role with the name of the role:
Or you can specify the role with a document, as in:
To specify a role that exists in a different database, specify the role with a document.
The db.revokeRolesFromUser() method wraps the revokeRolesFromUser command.
If run on a replica set, db.revokeRolesFromUser() is executed using majority write concern by default.
You must have the revokeRole action on a database to revoke a role on that database.
The accountUser01 user in the products database has the following roles:
The following db.revokeRolesFromUser() method removes the two of the user’s roles: the read role on the stock database and the readWrite role on the products database, which is also the database on which the method runs:
The user accountUser01 user in the products database now has only one remaining role: