Assign a User a Role
Changed in version 2.6.
Overview
A role grants a user privileges to perform a set of actions on a resource. A user can have multiple roles.
In MongoDB systems with authorization enforced, you must grant a user a
role for the user to access a database resource. To assign a role, first
determine the privileges the user needs and then determine the role that
grants those privileges.
For an overview of roles and privileges, see Authorization. For descriptions of the access each built-in role provides, see the section on built-in roles.
Prerequisites
You must have the grantRole action on a database to grant a role on that database.
To view a role’s information, you must be explicitly granted the
role or must have the viewRole action on the role’s database.
Procedure
Connect with the privilege to grant roles.
Connect to the mongod or mongos as a user with
the privileges specified in the Prerequisites
section.
The following procedure uses the siteUserAdmin created in
Create a User Administrator.
Identify the user’s roles and privileges.
To display the roles and privileges of the user to be modified, use the
db.getUser() and db.getRole() methods.
For example, to view roles for reportsUser created in
Add a User to a Database, issue:
To display the privileges granted to the user by the
readWrite role on the "accounts" database, issue:
Identify the privileges to grant or revoke.
If the user requires additional privileges, grant to the user the role, or roles, with the required set of privileges. If such a role does not exist, create a new role with the appropriate set of privileges.
Grant a role to a user.
Grant the user the role using the db.grantRolesToUser() method.
For example, the following grants new roles to the user
reportsUser created in Add a User to a Database.
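
The procedure above as one mongo shell function, added here as an example and not taken from the MongoDB manual: it reads the user's current roles with db.getUser(), reviews the privileges of each role it is about to add with db.getRole(), and calls db.grantRolesToUser() only for roles the user does not already hold. The function names, the `reporting` database and the `readWrite` on `accounts` grant are assumptions.

```javascript
// Added example for the mongo shell. The database name "reporting" and the
// role list passed at the bottom are assumptions, not values from this page.

// Return the wanted roles that the user does not already hold.
function missingRoles(currentRoles, wantedRoles) {
  return wantedRoles.filter(function (w) {
    return !currentRoles.some(function (c) {
      return c.role === w.role && c.db === w.db;
    });
  });
}

// Walk the procedure for one user: inspect, review, then grant.
// `userDb` is a shell handle for the database the user was created in.
function assignRoles(userDb, username, wantedRoles) {
  var user = userDb.getUser(username);
  if (!user) {
    throw new Error("no such user: " + username);
  }
  var toGrant = missingRoles(user.roles, wantedRoles);

  // Review the privileges each role carries before granting anything.
  var review = toGrant.map(function (r) {
    var roleDoc = userDb.getSiblingDB(r.db)
                        .getRole(r.role, { showPrivileges: true });
    if (!roleDoc) {
      throw new Error("no such role: " + r.role + " on " + r.db);
    }
    return { role: r.role, db: r.db, privileges: roleDoc.privileges };
  });

  if (toGrant.length > 0) {
    userDb.grantRolesToUser(username, toGrant);
  }
  return { granted: toGrant, review: review,
           rolesAfter: userDb.getUser(username).roles };
}

// In the mongo shell `db` is a global; elsewhere this only defines functions.
if (typeof db !== "undefined") {
  printjson(assignRoles(db.getSiblingDB("reporting"), "reportsUser",
                        [{ role: "readWrite", db: "accounts" }]));
}
```

Run it while connected as a user that holds the grantRole action on the role's database; the returned `review` array is the privilege list to check before the grant is accepted as intended.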