DOCS-2238 grantRolesToUser, grantRolesToRole, revokeRolesFromUser, revokeRolesFromRole

bin/builddata/htaccess-next.yaml

@@ -513,6 +513,38 @@ redirect-path: '/reference/method/js-user-management'
 url-base: '/reference/security'
 type: 'redirect'
 code: 303
+outputs:
+  - 'manual'
+  - 'before-v2.4'
+---
+redirect-path: '/reference/method/db.grantRolesToUser'
+url-base: '/reference/security'
+type: 'redirect'
+code: 303
+outputs:
+  - 'manual'
+  - 'before-v2.4'
+---
+redirect-path: '/reference/method/db.grantRolesToRole'
+url-base: '/reference/security'
+type: 'redirect'
+code: 303
+outputs:
+  - 'manual'
+  - 'before-v2.4'
+---
+redirect-path: '/reference/method/db.revokeRolesFromUser'
+url-base: '/reference/security'
+type: 'redirect'
+code: 303
+outputs:
+  - 'manual'
+  - 'before-v2.4'
+---
+redirect-path: '/reference/method/db.revokeRolesFromRole'
+url-base: '/reference/security'
+type: 'redirect'
+code: 303
 outputs:
   - 'manual'
   - 'before-v2.4'

source/includes/access-grant-roles.rst

@@ -0,0 +1,2 @@
+A user must have privileges that includes the :authaction:`grantRole` action on a
+database to grant a role on the database.

source/includes/access-revoke-roles.rst

@@ -0,0 +1,2 @@
+A user must have privileges that includes the :authaction:`revokeRole` action on
+a database to revoke a role on that database.

source/includes/ref-toc-method-role-management.yaml

@@ -28,15 +28,15 @@
 # description: |
 #   Removes the specified privileges from a user-defined role.
 # ---
-# name: :method:`db.grantRolesToRole()`
-# file: /reference/method/db.grantRolesToRole
-# description: |
-#   Specifies roles from which a user-defined role inherits privileges.
-# ---
-# name: :method:`db.revokeRolesFromRole()`
-# file: /reference/method/db.revokeRolesFromRole
-# description: |
-#   Removes a role from a user.
+name: :method:`db.grantRolesToRole()`
+file: /reference/method/db.grantRolesToRole
+description: |
+  Specifies roles from which a user-defined role inherits privileges.
+---
+name: :method:`db.revokeRolesFromRole()`
+file: /reference/method/db.revokeRolesFromRole
+description: |
+  Removes a role from a user.
 # ---
 # name: :method:`db.getRole()`
 # file: /reference/method/db.getRole
@@ -47,4 +47,4 @@
 # file: /reference/method/db.getRoles
 # description: |
 #   Returns information for all the user-defined roles in a database.
-#...
+...

source/includes/ref-toc-method-user-management.yaml

@@ -18,16 +18,16 @@ description: |
 # description: |
 #   Deletes all users associated with a database.
 # ---
-# name: :method:`db.grantRolesToUser()`
-# file: /reference/method/db.grantRolesToUser
-# description: |
-#   Grants a role and its privileges to a user.
-# ---
-# name: :method:`db.revokeRolesFromUser()`
-# file: /reference/method/db.revokeRolesFromUser
-# description: |
-#   Removes a role from a user.
-# ---
+name: :method:`db.grantRolesToUser()`
+file: /reference/method/db.grantRolesToUser
+description: |
+  Grants a role and its privileges to a user.
+---
+name: :method:`db.revokeRolesFromUser()`
+file: /reference/method/db.revokeRolesFromUser
+description: |
+  Removes a role from a user.
+---
 name: :method:`db.getUser()`
 file: /reference/method/db.getUser
 description: |

source/reference/command/grantRolesToRole-field.yaml

@@ -1,3 +1,4 @@
+#content from this page is included in /reference/method/db.grantRolesToRole-param.yaml
 object:
   name: grantRolesToRole
   type: dbcommand

source/reference/command/grantRolesToRole.txt

@@ -9,8 +9,7 @@ Definition
 
 .. dbcommand:: grantRolesToRole
 
-   Add additional roles to a :ref:`user-defined <user-defined-roles>`
-   role.
+   Grants roles to a :ref:`user-defined role <user-defined-roles>`.
 
    The :dbcommand:`grantRolesToRole` command affects roles on the
    database where the command runs. :dbcommand:`grantRolesToRole` has
@@ -36,8 +35,7 @@ Definition
 Required Access
 ---------------
 
-To grant a role, a user must have access that includes the
-:authaction:`grantRole` action on the relevant database.
+.. include:: /includes/access-grant-roles.rst
 
 Example
 -------

source/reference/command/grantRolesToUser-field.yaml

@@ -1,3 +1,4 @@
+#content from this page is included in /reference/method/db.grantRolesToUser-param.yaml
 object:
   name: grantRolesToUser
   type: dbcommand

source/reference/command/grantRolesToUser.txt

@@ -9,8 +9,7 @@ Definition
 
 .. dbcommand:: grantRolesToUser
 
-   Grants an additional role to a user. Use :dbcommand:`grantRolesToUser` to grant
-   one or more roles.
+   Grants additional roles to a user.
 
    The :dbcommand:`grantRolesToUser` command uses the following syntax:
 
@@ -31,12 +30,12 @@ Definition
 Required Access
 ---------------
 
-.. include:: /includes/access-grant-role-to-user.rst
+.. include:: /includes/access-grant-roles.rst
 
 Example
 -------
 
-Given a user ``Erin`` in the ``products`` database with the following
+Given a user ``accountUser01`` in the ``products`` database with the following
 roles:
 
 .. code-block:: javascript
@@ -47,23 +46,22 @@ roles:
        }
    ]
 
-The following :dbcommand:`grantRolesToUser` command gives ``Erin`` the
+The following :dbcommand:`grantRolesToUser` operation gives ``accountUser01`` the
 :authrole:`read` role on the ``stock`` database and the
-:authrole:`readWrite` role on the ``products`` database where the
-:dbcommand:`grantRolesToUser` command runs.
+:authrole:`readWrite` role on the ``products`` database.
 
 .. code-block:: javascript
 
    use products
-   db.runCommand( { grantRolesToUser: "Erin",
+   db.runCommand( { grantRolesToUser: "accountUser01",
                     roles: [
                        { role: "read", db: "stock"},
                        "readWrite"
                     ],
                     writeConcern: { w: "majority" , wtimeout: 2000 }
                 } )
 
-The user ``Erin`` in the ``products`` database now has the following
+The user ``accountUser01`` in the ``products`` database now has the following
 roles:
 
 .. code-block:: javascript

source/reference/command/revokeRolesFromRole-field.yaml

@@ -1,3 +1,4 @@
+#content from this page is included in /reference/method/db.revokeRolesFromRole-param.yaml
 object:
   name: revokeRolesFromRole
   type: dbcommand

source/reference/command/revokeRolesFromRole.txt

@@ -32,15 +32,13 @@ Definition
 Required Access
 ---------------
 
-To run :dbcommand:`revokeRolesFromRole`, a user's privileges
-must include the :authaction:`revokeRole` action on the
-database.
+.. include:: /includes/access-revoke-roles.rst
 
 Example
 -------
 
-A role ``purchaseAgents`` in the ``emea`` database inherits from
-several roles, as listed in the ``"roles"`` array:
+The ``purchaseAgents`` role in the ``emea`` database inherits privileges
+from several other roles, as listed in the ``roles`` array:
 
 .. code-block:: javascript
 
@@ -50,25 +48,25 @@ several roles, as listed in the ``"roles"`` array:
       "db" : "emea",
       "privileges" : [],
       "roles" : [
+         {
+            "role" : "readWrite",
+            "db" : "sa"
+         },
          {
             "role" : "readWrite",
             "db" : "emea"
          },
          {
             "role" : "readAnyDatabase",
             "db" : "admin"
-         },
-         {
-            "role" : "readWrite",
-            "db" : "asia-invoices"
          }
       ]
    }
 
-The following :dbcommand:`revokeRolesFromRole` command removes the
-:authrole:`readWrite` role on the ``emea`` database, which is the
-database where the command runs, and removes the
-:authrole:`readAnyDatabase` role:
+The following :dbcommand:`revokeRolesFromRole` operation on the ``emea``
+database removes two roles from the ``purchaseAgents`` role. The operation
+removes the :authrole:`readWrite` role on the ``emea`` database and the
+:authrole:`readAnyDatabase` role on the ``admin`` database:
 
 .. code-block:: javascript
 
@@ -81,7 +79,7 @@ database where the command runs, and removes the
                      writeConcern: { w: "majority" , wtimeout: 5000 }
                 } )
 
-The role ``purchaseAgents`` now inherits from one role:
+The ``purchaseAgents`` role now contains just one role:
 
 .. code-block:: javascript
 
@@ -93,7 +91,7 @@ The role ``purchaseAgents`` now inherits from one role:
       "roles" : [
          {
             "role" : "readWrite",
-            "db" : "asia-invoices"
+            "db" : "sa"
          }
       ]
    }

source/reference/command/revokeRolesFromUser-field.yaml

@@ -1,3 +1,4 @@
+#content from this page is included in /reference/method/db.revokeRolesFromUser-param.yaml
 object:
   name: revokeRolesFromUser
   type: dbcommand

source/reference/command/revokeRolesFromUser.txt

@@ -9,7 +9,7 @@ Definition
 
 .. dbcommand:: revokeRolesFromUser
 
-   Removes a one or more roles from a user, on the database where the
+   Removes a one or more roles from a user on the database where the
    roles exist. The :dbcommand:`revokeRolesFromUser` command uses the
    following syntax:
 
@@ -33,12 +33,12 @@ Definition
 Required Access
 ---------------
 
-.. include:: /includes/access-revoke-role-from-user.rst
+.. include:: /includes/access-revoke-roles.rst
 
 Example
 -------
 
-Given a user ``Erin`` in the ``products`` database with the following
+The ``accountUser01`` user in the ``products`` database has the following
 roles:
 
 .. code-block:: javascript
@@ -55,23 +55,24 @@ roles:
        }
    ]
 
-The following :dbcommand:`revokeRolesFromUser` command removes the
-:authrole:`read` role on the ``stock`` database and the
-:authrole:`readWrite` role from the ``products`` database, where the
-command runs:
+The following :dbcommand:`revokeRolesFromUser` command removes the two of
+the user's roles: the :authrole:`read` role on the ``stock`` database and
+the :authrole:`readWrite` role on the ``products`` database, which is also
+the database on which the command runs:
 
 .. code-block:: javascript
 
    use products
-   db.runCommand( { revokeRolesFromUser: "Erin",
+   db.runCommand( { revokeRolesFromUser: "accountUser01",
                     roles: [
                              { role: "read", db: "stock" },
-                             { role: "readWrite", db: "products" }
+                             "readWrite"
                     ],
                     writeConcern: { w: "majority" }
                 } )
 
-The user ``Erin`` in the ``products`` database  now has only one role:
+The user ``accountUser01`` in the ``products`` database now has only one
+remaining role:
 
 .. code-block:: javascript
 

source/reference/command/updateUser-field.yaml

@@ -20,7 +20,7 @@ name: pwd
 type: string
 position: 2
 description: |
-  The user's password. See :ref:`updateUser-pwd-field-consideration`.
+  The user's password.
 ---
 object:
   name: updateUser

source/reference/method/db.grantRolesToRole-param.yaml

@@ -0,0 +1,20 @@
+object:
+  name: db.grantRolesToRole
+  type: method
+field:
+  optional: false
+  type: param
+name: rolename
+type: string
+position: 1
+description: |
+  The name of the role to which to grant sub roles.
+---
+file: /reference/command/grantRolesToUser-field.yaml
+name: roles
+position: 2
+---
+file: /reference/command/grantRolesToUser-field.yaml
+name: writeConcern
+position: 3
+...