[DOCS-11530] Docs for SERVER-32975: Enhance usersInfo for credential inspection Created: 03/Apr/18  Updated: 29/Oct/23  Resolved: 15/May/18

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 3.7.4

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-32975 Enhance usersInfo for credential insp... Closed
Related
related to DOCS-11592 Docs for SERVER-34401: Provide a way ... Closed
is related to DOCS-11384 Docs for SERVER-32974: Enhance create... Closed
Participants:
Days since reply: 5 years, 39 weeks, 1 day ago
Epic Link: DOCS: 4.0 Server

 Description   

Documentation Request Summary:

The

{usersInfo}

command now lists the authentication mechanisms supported by a user, in a field called 'mechanisms'. This field is an array of strings. Additionally, it shall now accept a 'filter' argument containing an aggregation expression. This expression shall be applied in a $match to the output of the userInfo command. This filter may be used to identify users which support particular authentication mechanisms.

Scope of changes:

Add to output field mechanisms and add optional filter argument 

  • reference/method/db.getUser/
  • reference/method/db.getUsers/
  • reference/command/usersInfo
  • 4.0

Add argument forAllDBs:true (DOCS-11592)

  • reference/command/usersInfo (for command only)
  • 4.0

Impact to other docs outside of this product:

  • None (per Marian search)

MVP:

Resources:

Engineering Ticket Description:

The output of usersInfo shall now include the list of authentication mechanisms its credentials provide support for if the {showCredentials: true} argument is not provided. Note that this is not necessarily equal to the set of authentication mechanisms which may be used to authenticate as the user. If {showCredentials: true} is provided, the command shall display all credentials attached to the targeted users, as before.

The usersInfo command field shall accept an Object with Boolean field named 'forAllDBs'. When set to True, usersInfo shall return results for all users in all databases. To enable this flag, the user must have the viewUser ActionType on the cluster resource. This privilege will be granted to the root and userAdminAnyDatabase builtin role.

The usersInfo command shall accept a new form of user selector. The command shall accept a new Object field named ‘filter’ accepting a query expression, which shall be applied to filter all documents which would be returned. This field can be used to find users with specific types of credentials. It may not, at present, be used with showPrivilleges, or showAuthenticationRestrictions enabled.

Example:

MongoDB Enterprise > db.runCommand({usersInfo: {forAllDBs: true}, filter: {"credentials.SCRAM-SHA-1": {$exists: true}}})
{
        "users" : [
                {
                        "_id" : "test.sajack",
                        "user" : "sajack",
                        "db" : "test",
                        "credentials" : {
                                "SCRAM-SHA-1" : true,
                                "SCRAM-SHA-256" : true,
 
                        },
                        "roles" : [
                                {
                                        "role" : "readWrite",
                                        "db" : "test"
                                }
                        ]
                }
        ],
        "ok" : 1
}



 Comments   
Comment by Githook User [ 15/May/18 ]

Author:

{'email': 'kay.kim@10gen.com', 'username': 'kay-kim', 'name': 'kay'}

Message: DOCS-11530,DOCS-11592: usersInfo
Branch: master
https://github.com/mongodb/docs/commit/75456d944ca7597c3369edf266a461d345ecdc0f

Generated at Thu Feb 08 08:03:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.