The output of usersInfo shall now include the list of authentication mechanisms its credentials provide support for. Note that this is not necessarily equal to the set of authentication mechanisms which may be used to authenticate as the user. This information is provided in an Array field called "mechanisms.
The usersInfo command field shall accept an Object with Boolean field named 'forAllDBs'. When set to True, usersInfo shall return results for all users in all databases. To enable this flag, the user must have the viewUser ActionType on the cluster resource. This privilege will be granted to the root and userAdminAnyDatabase builtin role.
The usersInfo command shall accept a new form of user selector. The command shall accept a new Object field named ‘filter’ accepting a query expression, which shall be applied to filter all documents which would be returned. This field can be used to find users with specific types of credentials. It may not, at present, be used with showPrivilleges, or showAuthenticationRestrictions enabled.
Example:
MongoDB Enterprise > db.runCommand({usersInfo: {forAllDBs: true}, filter: {mechanisms:{$eq: "SCRAM-SHA-1"}}})
{
"users" : [
{
"_id" : "admin.sajack",
"user" : "sajack",
"db" : "admin",
"roles" : [ ],
"mechanisms" : [
"SCRAM-SHA-1"
]
},
{
"_id" : "admin.sajack2",
"user" : "sajack2",
"db" : "admin",
"roles" : [ ],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
],
"ok" : 1
}
- is documented by
-
DOCS-11530 Docs for SERVER-32975: Enhance usersInfo for credential inspection
-
- Closed
-
- related to
-
SERVER-18598 usersInfo command could list all users in all databases
-
- Closed
-