usersInfo

usersInfo

Definition

usersInfo
Returns information about one or more users.

The usersInfo command has the following form:

{
  usersInfo: <various>,
  showCredentials: <Boolean>,
  showPrivileges: <Boolean>,
  showAuthenticationRestrictions: <Boolean>,
  filter: <document>
}

The command has the following fields:

FieldTypeDescriptionusersInfovariousThe user(s) about whom to return information.

The argument to usersInfo has multiple forms depending on therequested information. See usersInfo: .showCredentialsbooleanOptional. Set the field to true to display the user’s password hash. By default, thisfield is false.showPrivilegesbooleanOptional. Set the field to true to show the user’s full set of privileges, includingexpanded information for the inherited roles. By default, this fieldis false. If viewing all users, you cannot specify this field.showAuthenticationRestrictionsbooleanOptional. Set the field to true to show the user’s authentication restrictions. Bydefault, this field is false. If viewing all users, you cannot specifythis field.filterdocumentOptional. A document that specifies $match stage conditions toreturn information for users that match the filter conditions.

New in version 4.0.

usersInfo: <various>

{ usersInfo: <various> }

The argument to usersInfo has multiple forms depending on therequested information:

`{ usersInfo: 1 }`	Returns information about the users in the database where thecommand is run.The `mongo` shell provides the`db.getUsers()` helper for this invocation of the command.
`{ usersInfo: <username> }`	Return information about the a specific user that exists in thedatabase where the command is run.The `mongo` shell provides the`db.getUser()` helper for this invocation of the command.
`{ usersInfo: { user: <name>, db: <db> } }`	Returns information about the user specified by the name and database.
`{ usersInfo: [ { user: <name>, db: <db> }, … ] }{ usersInfo: [ <username1>, … ] }`	Returns information about the specified users.
`{ forAllDBs: true }`	Returns information about users in all databases.New in version 4.0.

Required Access

Users can always view their own information.

To view another user’s information, the user running the command musthave privileges that include the viewUser action on theother user’s database.

Output

The following information can be returned by theusersInfo depending on the options specified:

{
   "users" : [
      {
         "_id" : "<db>.<username>",
         "userId" : <UUID>,        // Starting in MongoDB 4.0.9
         "user" : "<username>",
         "db" : "<db>",
         "mechanisms" : [ ... ],   // Starting in MongoDB 4.0
         "customData" : <document>,
         "roles" : [ ... ],
         "credentials": { ... }, // only if showCredentials: true
         "inheritedRoles" : [ ... ],  // only if showPrivileges: true or showAuthenticationRestrictions: true
         "inheritedPrivileges" : [ ... ], // only if showPrivileges: true or showAuthenticationRestrictions: true
         "inheritedAuthenticationRestrictions" : [ ] // only if showPrivileges: true or showAuthenticationRestrictions: true
         "authenticationRestrictions" : [ ... ] // only if showAuthenticationRestrictions: true
      },
      ...
   ],
   "ok" : 1
}

Examples

View Specific Users

To see information and privileges, but not the credentials, for theuser "Kari" defined in "home" database,run the following command:

db.runCommand(
   {
     usersInfo:  { user: "Kari", db: "home" },
     showPrivileges: true
   }
)

To view a user that exists in the current database, you can specifythe user by name only. For example, if you are in the homedatabase and a user named "Kari" exists in the home database,you can run the following command:

db.getSiblingDB("home").runCommand(
   {
     usersInfo:  "Kari",
     showPrivileges: true
   }
)

View Multiple Users

To view info for several users, use an array, with or without theoptional fields showPrivileges and showCredentials. For example:

db.runCommand( {
   usersInfo: [ { user: "Kari", db: "home" }, { user: "Li", db: "myApp" } ],
   showPrivileges: true
} )

View All Users for a Database

To view all users on the database the command is run, use a command documentthat resembles the following:

db.runCommand( { usersInfo: 1 } )

When viewing all users, you can specify the showCredentials optionbut not the showPrivileges or theshowAuthenticationRestrictions options.

View All Users for a Database that Match the Specified Filter

New in version 4.0: The usersInfo command can accept a filter documentto return information for users that match the filter condition.

To view all users in the current database who have the specified role,use a command document that resembles the following:

db.runCommand( { usersInfo: 1, filter: { roles: { role: "root", db: "admin" } } } )

When viewing all users, you can specify the showCredentials optionbut not the showPrivileges or theshowAuthenticationRestrictions options.

View All Users with SCRAM-SHA-1 Credentials

New in version 4.0: The usersInfo command can accept a filter documentto return information for users that match the filter condition.

The following operation returns all users that have SCRAM-SHA-1credentials. Specifically, the command returns all users across alldatabases and then uses the $match stage to apply thespecified filter to the users.

db.runCommand( { usersInfo: { forAllDBs: true}, filter: { mechanisms: "SCRAM-SHA-1" } } )

When viewing all users, you can specify the showCredentials optionbut not the showPrivileges or theshowAuthenticationRestrictions options.