[SERVER-32975] Enhance usersInfo for credential inspection Created: 29/Jan/18  Updated: 29/Oct/23  Resolved: 26/Mar/18

Status: Closed
Project: Core Server
Component/s: Admin, Security
Affects Version/s: None
Fix Version/s: 3.7.4

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
is documented by DOCS-11530 Docs for SERVER-32975: Enhance usersI... Closed
Related
related to SERVER-18598 usersInfo command could list all user... Closed
Backwards Compatibility: Minor Change
Sprint: Platforms 2018-03-26, Platforms 2018-04-09
Participants:

 Description   

The output of usersInfo shall now include, for each user, the list of authentication mechanisms that the user's credentials support. Note that this is not necessarily equal to the set of authentication mechanisms which may be used to authenticate as the user. This information is provided in an Array field called "mechanisms".

The usersInfo command field shall accept an Object with a Boolean field named 'forAllDBs'. When set to True, usersInfo shall return results for all users in all databases. To enable this flag, the user must have the viewUser ActionType on the cluster resource. This privilege will be granted to the root and userAdminAnyDatabase built-in roles.

The usersInfo command shall accept a new form of user selector. The command shall accept a new Object field named 'filter' accepting a query expression, which shall be applied to filter all documents which would be returned. This field can be used to find users with specific types of credentials. It may not, at present, be used with showPrivileges or showAuthenticationRestrictions enabled.

Example:

MongoDB Enterprise > db.runCommand({usersInfo: {forAllDBs: true}, filter: {mechanisms:{$eq: "SCRAM-SHA-1"}}})
{
        "users" : [
                {
                        "_id" : "admin.sajack",
                        "user" : "sajack",
                        "db" : "admin",
                        "roles" : [ ],
                        "mechanisms" : [
                                "SCRAM-SHA-1"
                        ]
                },
                {
                        "_id" : "admin.sajack2",
                        "user" : "sajack2",
                        "db" : "admin",
                        "roles" : [ ],
                        "mechanisms" : [
                                "SCRAM-SHA-1",
                                "SCRAM-SHA-256"
                        ]
                }
        ],
        "ok" : 1
}
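
As an added example (not code from this ticket or from the MongoDB project), the JavaScript below builds the command described above and interprets its reply to find users that still hold SCRAM-SHA-1 credentials. The helper names and the enabledMechanisms argument (an operator-supplied list of the mechanisms the deployment allows) are assumptions; the sample reply is copied from the example output above.

```javascript
// Added example; helper names and enabledMechanisms are illustrative assumptions.

// Build the usersInfo command for all databases with an optional filter.
// The ticket disallows combining filter with these two options.
function buildUsersInfoCommand(filter, opts = {}) {
  if (filter && (opts.showPrivileges || opts.showAuthenticationRestrictions)) {
    throw new Error(
      "filter cannot be used with showPrivileges or showAuthenticationRestrictions");
  }
  const cmd = { usersInfo: { forAllDBs: true } }; // command name must be the first key
  if (filter) cmd.filter = filter;
  return Object.assign(cmd, opts);
}

// "mechanisms" lists the credentials a user holds, not what the server accepts.
// enabledMechanisms (assumption) is the operator-supplied list of mechanisms the
// deployment allows; the intersection is what the user can actually log in with.
function auditLegacyScram(reply, enabledMechanisms) {
  if (!reply || reply.ok !== 1 || !Array.isArray(reply.users)) {
    throw new Error("unexpected usersInfo reply");
  }
  return reply.users.map((u) => {
    const held = Array.isArray(u.mechanisms) ? u.mechanisms : [];
    const usable = held.filter((m) => enabledMechanisms.includes(m));
    let finding = "no-sha1";
    if (held.includes("SCRAM-SHA-1")) {
      finding = held.length === 1 ? "sha1-only" : "sha1-and-other";
    }
    return { id: u._id, held, usable, canAuthenticate: usable.length > 0, finding };
  });
}

// Reply copied from the ticket's example output.
const SAMPLE_REPLY = {
  users: [
    { _id: "admin.sajack", user: "sajack", db: "admin", roles: [],
      mechanisms: ["SCRAM-SHA-1"] },
    { _id: "admin.sajack2", user: "sajack2", db: "admin", roles: [],
      mechanisms: ["SCRAM-SHA-1", "SCRAM-SHA-256"] },
  ],
  ok: 1,
};

// Constructed scenario: the deployment only allows SCRAM-SHA-256.
const cmd = buildUsersInfoCommand({ mechanisms: { $eq: "SCRAM-SHA-1" } });
console.log(JSON.stringify(cmd));
for (const row of auditLegacyScram(SAMPLE_REPLY, ["SCRAM-SHA-256"])) {
  console.log(row.id, row.finding, "usable:", row.usable.join(",") || "(none)");
}
```

In the constructed scenario, admin.sajack holds a credential but has no usable mechanism, which is the distinction the description draws between the "mechanisms" field and the mechanisms that may actually be used to authenticate.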



 Comments   
Comment by Githook User [ 26/Mar/18 ]

Author: Spencer Jackson (spencerjackson) <spencer.jackson@mongodb.com>

Message: SERVER-32975: Expose mechanism info in usersInfo
Branch: master
https://github.com/mongodb/mongo/commit/20f97bc8f600025e9d8085c29d7e41fca342a5a9
