system.users Collection


The system.users collection in the admin database stores user authentication and authorization information. To manage data in this collection, MongoDB provides user management commands.

system.users Schema

The documents in the system.users collection have the following schema:

{
  _id: <system defined id>,
  userId : <system assigned UUID>,  // Starting in MongoDB 4.0.9
  user: "<name>",
  db: "<database>",
  credentials: { <authentication credentials> },
  roles: [
           { role: "<role name>", db: "<database>" },
           ...
         ],
  customData: <custom information>,
  authenticationRestrictions : [ <documents> ] // Starting in MongoDB 4.0
 }

Each system.users document has the following fields:

admin.system.users.userId

A unique identifier for the user, assigned to the user upon creation.

userId is available for users created in MongoDB 4.0.9 and later.

New in version 4.0.9.

admin.system.users.user

The user name. A user exists in the context of a single logical database (see admin.system.users.db) but can have access on other databases through roles specified in the roles array.

admin.system.users.db

The authentication database associated with the user. The user's privileges are not necessarily limited to this database. The user can have privileges in additional databases through the roles array.

admin.system.users.credentials

User's authentication information. For users with externally stored authentication credentials, such as users that use Kerberos or x.509 certificates for authentication, the system.users document for that user does not contain the credentials field. For SCRAM user credentials, the information includes the mechanism, iteration count, and authentication parameters.

admin.system.users.roles

An array of roles granted to the user. The array contains both built-in roles and user-defined roles.

A role document has the following syntax:

{ role: "<role name>", db: "<database>" }

A role document has the following fields:

admin.system.users.roles[n].role

The name of a role. A role can be a built-in role provided by MongoDB or a custom user-defined role.

admin.system.users.roles[n].db

The name of the database where the role is defined.

When specifying a role using the role management or user management commands, you can specify the role name alone (e.g. "readWrite") if the role exists on the database on which the command is run.

admin.system.users.customData

Optional custom information about the user.

admin.system.users.authenticationRestrictions

An array of authentication restrictions the server enforces for the user. The array contains a list of IP addresses and CIDR ranges from which the user is allowed to connect to the server or from which the server can accept users.

New in version 4.0.

Example

Consider the following document in the system.users collection:

{
   "_id" : "home.Kari",
   "userId" : UUID("ec1eced7-055a-4ca8-8737-60dd02c52793"),  // Available starting in MongoDB 4.0.9
   "user" : "Kari",
   "db" : "home",
   "credentials" : {
      "SCRAM-SHA-1" : {
         "iterationCount" : 10000,
         "salt" : "S/xM2yXFosynbCu4GzFDgQ==",
         "storedKey" : "Ist4cgpEd1vTbnRnQLdobgmOsBA=",
         "serverKey" : "e/0DyzS6GPboAA2YNBkGYm87+cg="
      },
      "SCRAM-SHA-256" : {
         "iterationCount" : 15000,
         "salt" : "p1G+fZadAeYAbECN8F/6TMzXGYWBaZ3DtWM0ig==",
         "storedKey" : "LEgLOqZQmkGhd0owm/+6V7VdJUYJcXBhPUvi9z+GBfk=",
         "serverKey" : "JKfnkVv9iXwxyc8JaapKVwLPy6SfnmB8gMb1Pr15T+s="
      }
   },
   "authenticationRestrictions" : [
                           // Available starting in MongoDB 4.0
      { "clientSource" : [ "69.89.31.226" ], "serverAddress" : [ "172.16.254.1" ] }
   ],
   "customData" : {
      "zipCode" : "64157"
   },
   "roles" : [
      {
         "role" : "read",
         "db" : "home"
      },
      {
         "role" : "readWrite",
         "db" : "test"
      }
   ]
}

The document shows that the authentication database of user Kari is the home database. Kari has the read role in the home database and the readWrite role in the test database.
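
The fields described above are the ones an account review reads. The following JavaScript is an added example, not part of the MongoDB documentation: it checks system.users-shaped documents for missing SCRAM-SHA-256 credentials, low iteration counts, absent authenticationRestrictions, and roles granted outside the authentication database. The function names, finding labels, iteration-count floor and the "legacy" sample user are assumptions constructed for illustration.

```javascript
// Added example: review system.users-shaped documents. In mongosh the input would be
//   db.getSiblingDB("admin").system.users.find().toArray()
// Assumed policy floor, taken from the iteration counts in the page's example document.
const MIN_ITERATIONS = { "SCRAM-SHA-1": 10000, "SCRAM-SHA-256": 15000 };

function auditUser(doc) {
  const findings = [];
  if (!doc.credentials) {
    // Kerberos / x.509 users: credentials are stored externally, so the field is absent.
    findings.push("external-credentials");
  } else {
    const mechanisms = Object.keys(doc.credentials);
    if (!mechanisms.includes("SCRAM-SHA-256")) findings.push("no-scram-sha-256");
    for (const m of mechanisms) {
      const floor = MIN_ITERATIONS[m];
      if (floor !== undefined && doc.credentials[m].iterationCount < floor) {
        findings.push(`low-iteration-count:${m}`);
      }
    }
  }
  // No clientSource/serverAddress entries: the server enforces no address limits.
  if ((doc.authenticationRestrictions || []).length === 0) {
    findings.push("no-authentication-restrictions");
  }
  // Privileges outside the authentication database come from the roles array.
  for (const r of doc.roles || []) {
    if (r.db !== doc.db) findings.push(`role-outside-auth-db:${r.role}@${r.db}`);
  }
  return findings;
}

// Constructed sample documents (credential blobs omitted; "legacy" is hypothetical).
const SAMPLE_USERS = [
  { _id: "home.Kari", user: "Kari", db: "home",
    credentials: { "SCRAM-SHA-1": { iterationCount: 10000 },
                   "SCRAM-SHA-256": { iterationCount: 15000 } },
    authenticationRestrictions: [
      { clientSource: ["69.89.31.226"], serverAddress: ["172.16.254.1"] } ],
    roles: [ { role: "read", db: "home" }, { role: "readWrite", db: "test" } ] },
  { _id: "admin.legacy", user: "legacy", db: "admin",
    credentials: { "SCRAM-SHA-1": { iterationCount: 4096 } },
    roles: [ { role: "read", db: "home" } ] },
];

function auditAll(docs) {
  return Object.fromEntries(docs.map((d) => [d._id, auditUser(d)]));
}
console.log(auditAll(SAMPLE_USERS));
```

For the Kari document the only finding is the readWrite role on test, which matches the point made above that privileges are not limited to the authentication database.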
