usersInfo
Definition
Syntax
The command has the following syntax:
db.runCommand( { usersInfo: <various>, showCredentials: <Boolean>, showCustomData: <Boolean>, showPrivileges: <Boolean>, showAuthenticationRestrictions: <Boolean>, filter: <document>, comment: <any> } )
Command Fields
The command takes the following fields:
Field | Type | Description |
---|---|---|
usersInfo | various | The user(s) about whom to return information. The argument to |
showCredentials | boolean | Optional. Set to By default, this field is |
showCustomData | boolean | Optional. Set to By default, this field is New in version 5.2. |
showPrivileges | boolean | Optional. Set to By default, this field is If viewing all users, you cannot specify this field. |
showAuthenticationRestrictions | boolean | Optional. Set to By default, this field is If viewing all users, you cannot specify this field. |
filter | document | Optional. A document that specifies $match stage
conditions to return information for users that match the
filter conditions. |
comment | any | Optional. A user-provided comment to attach to this command. Once set, this comment appears alongside records of this command in the following locations:
A comment can be any valid BSON type (string, integer, object, array, etc). |
usersInfo: <various>
{ usersInfo: <various> }
The argument to usersInfo
has multiple forms depending on the
requested information:
Argument | Returns |
---|---|
{ usersInfo: 1 } | Returns information about the users in the database where the command is run.
|
{ usersInfo: <username> } | Return information about the a specific user that exists in the database where the command is run.
|
{ usersInfo: { user: <name>, db: <db> } } | Returns information about the user specified by the name and database. |
{ usersInfo: [ { user: <name>, db: <db> }, ... ] } { usersInfo: [ <username1>, ... ] } | Returns information about the specified users. |
{ forAllDBs: true } | Returns information about users in all databases. |
Required Access
Users can always view their own information.
To view another user's information, the user running the command must
have privileges that include the viewUser
action on the
other user's database.
Output
The following information can be returned by the
usersInfo
depending on the options specified:
{ "users" : [ { "_id" : "<db>.<username>", "userId" : <UUID>, "user" : "<username>", "db" : "<db>", "mechanisms" : [ ... ], "customData" : <document>, "roles" : [ ... ], "credentials": { ... }, // only if showCredentials: true "inheritedRoles" : [ ... ], // only if showPrivileges: true or showAuthenticationRestrictions: true "inheritedPrivileges" : [ ... ], // only if showPrivileges: true or showAuthenticationRestrictions: true "inheritedAuthenticationRestrictions" : [ ] // only if showPrivileges: true or showAuthenticationRestrictions: true "authenticationRestrictions" : [ ... ] // only if showAuthenticationRestrictions: true }, ... ], "ok" : 1 }
Examples
View Specific Users
To see information and privileges, but not the credentials, for the
user "Kari"
defined in "home"
database,
run the following command:
db.runCommand( { usersInfo: { user: "Kari", db: "home" }, showPrivileges: true } )
To view a user that exists in the current database, you can specify
the user by name only. For example, if you are in the home
database and a user named "Kari"
exists in the home
database,
you can run the following command:
db.getSiblingDB("home").runCommand( { usersInfo: "Kari", showPrivileges: true } )
View Multiple Users
To view info for several users, use an array, with or without the
optional fields showPrivileges
and showCredentials
. For example:
db.runCommand( { usersInfo: [ { user: "Kari", db: "home" }, { user: "Li", db: "myApp" } ], showPrivileges: true } )
View All Users for a Database
To view all users on the database the command is run, use a command document that resembles the following:
db.runCommand( { usersInfo: 1 } )
When viewing all users, you can specify the showCredentials
option
but not the showPrivileges
or the
showAuthenticationRestrictions
options.
View All Users for a Database that Match the Specified Filter
The usersInfo
command can accept a filter
document
to return information for users that match the filter condition.
To view all users in the current database who have the specified role, use a command document that resembles the following:
db.runCommand( { usersInfo: 1, filter: { roles: { role: "root", db: "admin" } } } )
When viewing all users, you can specify the showCredentials
option
but not the showPrivileges
or the
showAuthenticationRestrictions
options.
View All Users with SCRAM-SHA-1
Credentials
The usersInfo
command can accept a filter
document
to return information for users that match the filter condition.
The following operation returns all users that have SCRAM-SHA-1
credentials. Specifically, the command returns all users across all
databases and then uses the $match
stage to apply the
specified filter to the users.
db.runCommand( { usersInfo: { forAllDBs: true}, filter: { mechanisms: "SCRAM-SHA-1" } } )
When viewing all users, you can specify the showCredentials
option
but not the showPrivileges
or the
showAuthenticationRestrictions
options.
Omit Custom Data from Output
New in version 5.2: To omit users' custom data from the usersInfo
output,
set the showCustomData
option to false
.
Use the createUser
command to create a user named
accountAdmin01
on the products
database:
db.getSiblingDB("products").runCommand( { createUser: "accountAdmin01", pwd: passwordPrompt(), customData: { employeeId: 12345 }, roles: [ { role: 'readWrite', db: 'products' } ] } )
The user contains a customData
field of { employeeId: 12345 }
.
To retrieve the user but omit the custom data from the output, run
usersInfo
with showCustomData
set to false
:
db.getSiblingDB("products").runCommand ( { usersInfo: "accountAdmin01", showCustomData: false } )
Example output:
{ users: [ { _id: 'products.accountAdmin01', userId: UUID("0955afc1-303c-4683-a029-8e17dd5501f4"), user: 'accountAdmin01', db: 'products', roles: [ { role: 'readWrite', db: 'products' } ], mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ] } ], ok: 1 }