assign a user a role

source/includes/access-grant-user-role.rst

@@ -0,0 +1,2 @@
+To grant a role, a user must have access that includes the
+:authaction:`grantAnyRole` action on the relevant database.

source/reference/command/grantRolesToUser.txt

@@ -32,8 +32,7 @@ Definition
 Required Access
 ---------------
 
-To grant a role, a user must have access that includes the
-:authaction:`grantAnyRole` action on the relevant database.
+.. include:: /includes/access-grant-user-role.rst
 
 Example
 -------

source/tutorial/assign-a-user-a-role.txt

@@ -0,0 +1,51 @@
+====================
+Assign a User a Role
+====================
+
+.. default-domain:: mongodb
+
+Overview
+--------
+
+Assign a user a role to give the user access to resources according to the
+operational needs of the deployment.
+
+Prerequisites
+-------------
+
+.. include:: /includes/access-grant-user-role.rst
+
+Procedure
+---------
+
+Identify the Privileges to Assign
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Identify the :doc:`privileges </reference/user-privileges>` to make
+available to the user. Privileges are combinations of database resources
+and :ref:`actions <security-user-actions>`.
+
+Identify the Role with Those Privileges
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Determine whether an existing role contains those privileges, and only
+those privileges. If such a role does not exist, see the :docs:`procedure
+for creating a role </tutorial/define-roles>`.
+
+Grant the Role to the User
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Grant the role using the :dbcommand:`grantRolesToUser` command. For
+example, to grant the user ``Alice`` the :authrole:`read` role on the
+``stock`` database, run the following.
+
+.. code-block:: javascript
+
+   db.runCommand( { grantRolesToUser: "Alice",
+                    roles: [
+                       { role: "read", db: "stock"},
+                    ],
+                } )
+
+The :dbcommand:`grantRolesToUser` command adds role to ``Alice``'s
+existing roles.