Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.7.4
Affects Version/s: None
Component/s: None
Labels:
None

Epic Link:
DOCS: 4.0 Server

Documentation Request Summary:

The

{usersInfo}

command now lists the authentication mechanisms supported by a user, in a field called 'mechanisms'. This field is an array of strings. Additionally, it shall now accept a 'filter' argument containing an aggregation expression. This expression shall be applied in a $match to the output of the userInfo command. This filter may be used to identify users which support particular authentication mechanisms.

Scope of changes:

Add to output field mechanisms and add optional filter argument

reference/method/db.getUser/
reference/method/db.getUsers/
reference/command/usersInfo
4.0

Add argument forAllDBs:true (~~DOCS-11592~~)

reference/command/usersInfo (for command only)
4.0

Impact to other docs outside of this product:

None (per Marian search)

MVP:

Resources:

Engineering Ticket Description:

The output of usersInfo shall now include the list of authentication mechanisms its credentials provide support for if the {showCredentials: true} argument is not provided. Note that this is not necessarily equal to the set of authentication mechanisms which may be used to authenticate as the user. If {showCredentials: true} is provided, the command shall display all credentials attached to the targeted users, as before.

The usersInfo command field shall accept an Object with Boolean field named 'forAllDBs'. When set to True, usersInfo shall return results for all users in all databases. To enable this flag, the user must have the viewUser ActionType on the cluster resource. This privilege will be granted to the root and userAdminAnyDatabase builtin role.

The usersInfo command shall accept a new form of user selector. The command shall accept a new Object field named ‘filter’ accepting a query expression, which shall be applied to filter all documents which would be returned. This field can be used to find users with specific types of credentials. It may not, at present, be used with showPrivilleges, or showAuthenticationRestrictions enabled.

Example:

MongoDB Enterprise > db.runCommand({usersInfo: {forAllDBs: true}, filter: {"credentials.SCRAM-SHA-1": {$exists: true}}})
{
        "users" : [
                {
                        "_id" : "test.sajack",
                        "user" : "sajack",
                        "db" : "test",
                        "credentials" : {
                                "SCRAM-SHA-1" : true,
                                "SCRAM-SHA-256" : true,

                        },
                        "roles" : [
                                {
                                        "role" : "readWrite",
                                        "db" : "test"
                                }
                        ]
                }
        ],
        "ok" : 1
}

documents

SERVER-32975 Enhance usersInfo for credential inspection

Closed

is related to

DOCS-11384 Docs for SERVER-32974: Enhance createUser and updateUser to support SCRAM-SHA-256

Closed

related to

DOCS-11592 Docs for SERVER-34401: Provide a way for usersInfo to return all users on every database

Closed

Assignee:: Kay Kim (Inactive)

Reporter:: Kay Kim (Inactive)

Participants:: Githook User, Kay Kim

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: Apr 03 2018 04:14:45 AM UTC

Updated:: Oct 29 2023 01:58:06 PM UTC

Resolved:: May 15 2018 06:23:37 PM UTC

Days since reply:: 5 years, 50 weeks, 1 day ago

Details

Description

Documentation Request Summary:

Scope of changes:

Impact to other docs outside of this product:

MVP:

Resources:

Engineering Ticket Description:

Attachments

Issue Links

Activity

People

Dates