usersInfo
定义
兼容性
此命令可用于以下环境中托管的部署:
MongoDB Enterprise:基于订阅、自我管理的 MongoDB 版本
MongoDB Community:源代码可用、免费使用且可自行管理的 MongoDB 版本
注意
This command is not supported in MongoDB Atlas. For information on Atlas support for all commands, see Unsupported Commands.
语法
该命令具有以下语法:
db.runCommand( { usersInfo: <various>, showCredentials: <Boolean>, showCustomData: <Boolean>, showPrivileges: <Boolean>, showAuthenticationRestrictions: <Boolean>, filter: <document>, comment: <any> } )
命令字段
该命令接受以下字段:
字段 | 类型 | 说明 |
|---|---|---|
| various | The user(s) about whom to return information. The argument to |
| 布尔 | 可选。设置为 默认情况下,此字段为 |
| 布尔 | 可选。设置为 默认情况下,此字段为 5.2 版本中的新增功能。 |
| 布尔 | 可选。设置为 默认情况下,此字段为 如果查看所有用户,则不能指定此字段。 |
| 布尔 | Optional. Set to 默认情况下,此字段为 如果查看所有用户,则不能指定此字段。 |
| 文档 | 可选。指定 |
| any | 可选。用户提供的待附加到该命令的注释。设置后,该注释将与该命令的记录一起出现在以下位置:
注释可以是任何有效的 BSON 类型(字符串、整型、对象、数组等)。 |
usersInfo: <various>
{ usersInfo: <various> }
The argument to usersInfo has multiple forms depending on the
requested information:
Argument | 返回: |
|---|---|
| Returns information about the users in the database where the command is run.
|
| Return information about the a specific user that exists in the database where the command is run.
|
| Returns information about the user specified by the name and database. |
{ usersInfo: [ { user: <name>, db: <db> }, ... ] }{ usersInfo: [ <username1>, ... ] } | 返回指定用户的信息。 |
| Returns information about users in all databases. |
必需的访问权限
Users can always view their own information.
To view another user's information, the user running the command must
have privileges that include the viewUser action on the
other user's database.
输出
The following information can be returned by the
usersInfo depending on the options specified:
{ "users" : [ { "_id" : "<db>.<username>", "userId" : <UUID>, "user" : "<username>", "db" : "<db>", "mechanisms" : [ ... ], "customData" : <document>, "roles" : [ ... ], "credentials": { ... }, // only if showCredentials: true "inheritedRoles" : [ ... ], // only if showPrivileges: true or showAuthenticationRestrictions: true "inheritedPrivileges" : [ ... ], // only if showPrivileges: true or showAuthenticationRestrictions: true "inheritedAuthenticationRestrictions" : [ ] // only if showPrivileges: true or showAuthenticationRestrictions: true "authenticationRestrictions" : [ ... ] // only if showAuthenticationRestrictions: true }, ... ], "ok" : 1 }
示例
View Specific Users
To see information and privileges, but not the credentials, for the
user "Kari" defined in "home" database,
run the following command:
db.runCommand( { usersInfo: { user: "Kari", db: "home" }, showPrivileges: true } )
To view a user that exists in the current database, you can specify
the user by name only. For example, if you are in the home
database and a user named "Kari" exists in the home database,
you can run the following command:
db.getSiblingDB("home").runCommand( { usersInfo: "Kari", showPrivileges: true } )
View Multiple Users
To view info for several users, use an array, with or without the
optional fields showPrivileges and showCredentials. For example:
db.runCommand( { usersInfo: [ { user: "Kari", db: "home" }, { user: "Li", db: "myApp" } ], showPrivileges: true } )
View All Users for a Database
To view all users on the database the command is run, use a command document that resembles the following:
db.runCommand( { usersInfo: 1 } )
查看所有用户时,可以指定 showCredentials 选项,但不能指定 showPrivileges 或 showAuthenticationRestrictions 选项。
查看数据库中符合指定过滤器的所有用户
The usersInfo command can accept a filter document
to return information for users that match the filter condition.
To view all users in the current database who have the specified role, use a command document that resembles the following:
db.runCommand( { usersInfo: 1, filter: { roles: { role: "root", db: "admin" } } } )
查看所有用户时,可以指定 showCredentials 选项,但不能指定 showPrivileges 或 showAuthenticationRestrictions 选项。
View All Users with SCRAM-SHA-1 Credentials
The usersInfo command can accept a filter document
to return information for users that match the filter condition.
The following operation returns all users that have SCRAM-SHA-1
credentials. Specifically, the command returns all users across all
databases and then uses the $match stage to apply the
specified filter to the users.
db.runCommand( { usersInfo: { forAllDBs: true}, filter: { mechanisms: "SCRAM-SHA-1" } } )
查看所有用户时,可以指定 showCredentials 选项,但不能指定 showPrivileges 或 showAuthenticationRestrictions 选项。
从输出中省略自定义数据
版本 5.2 中的新增功能:要省略 usersInfo输出中用户的自定义数据,请将 showCustomData 选项设置为 false。
使用 createUser 命令在 products 数据库上创建名为 accountAdmin01 的用户:
db.getSiblingDB("products").runCommand( { createUser: "accountAdmin01", pwd: passwordPrompt(), customData: { employeeId: 12345 }, roles: [ { role: 'readWrite', db: 'products' } ] } )
用户包含一个 customData 字段 { employeeId: 12345 }。
要检索用户但从输出中省略自定义数据,请运行 usersInfo 并将 showCustomData 设置为 false:
db.getSiblingDB("products").runCommand ( { usersInfo: "accountAdmin01", showCustomData: false } )
示例输出:
{ users: [ { _id: 'products.accountAdmin01', userId: UUID("0955afc1-303c-4683-a029-8e17dd5501f4"), user: 'accountAdmin01', db: 'products', roles: [ { role: 'readWrite', db: 'products' } ], mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ] } ], ok: 1 }