Docs Menu

Docs HomeDevelop ApplicationsMongoDB Manual

db.revokeRolesFromUser()

On this page

  • Definition
  • Behavior
  • Required Access
  • Example
db.revokeRolesFromUser()

Removes one or more roles from a user on the current database.

Important

mongosh Method

This page documents a mongosh method. This is not the documentation for database commands or language-specific drivers, such as Node.js.

For the database command, see the revokeRolesFromUser command.

For MongoDB API drivers, refer to the language-specific MongoDB driver documentation.

For the legacy mongo shell documentation, refer to the documentation for the corresponding MongoDB Server release:

mongo shell v4.4

The db.revokeRolesFromUser() method uses the following syntax:

db.revokeRolesFromUser( "<username>", [ <roles> ], { <writeConcern> } )

The db.revokeRolesFromUser() method takes the following arguments:

Parameter
Type
Description
user
string
The name of the user from whom to revoke roles.
roles
array
The roles to remove from the user.
writeConcern
document

Optional. The level of write concern for the operation. See Write Concern Specification.

In the roles field, you can specify both built-in roles and user-defined roles.

To specify a role that exists in the same database where db.revokeRolesFromUser() runs, you can either specify the role with the name of the role:

"readWrite"

Or you can specify the role with a document, as in:

{ role: "<role>", db: "<database>" }

To specify a role that exists in a different database, specify the role with a document.

The db.revokeRolesFromUser() method wraps the revokeRolesFromUser command.

If run on a replica set, db.revokeRolesFromUser() is executed using "majority" write concern by default.

You must have the revokeRole action on a database to revoke a role on that database.

The accountUser01 user in the products database has the following roles:

"roles" : [
{ "role" : "assetsReader",
"db" : "assets"
},
{ "role" : "read",
"db" : "stock"
},
{ "role" : "readWrite",
"db" : "products"
}
]

The following db.revokeRolesFromUser() method removes the two of the user's roles: the read role on the stock database and the readWrite role on the products database, which is also the database on which the method runs:

use products
db.revokeRolesFromUser( "accountUser01",
[ { role: "read", db: "stock" }, "readWrite" ],
{ w: "majority" }
)

The user accountUser01 user in the products database now has only one remaining role:

"roles" : [
{ "role" : "assetsReader",
"db" : "assets"
}
]
←  db.removeUser()db.updateUser() →