db.getUser()

On this page

Definition
Required Access
Examples

Definition

db.getUser(username, args)

Returns user information for a specified user. Run this method on the user's database. If the user doesn't exist in the database, db.getUser() returns null.

The db.getUser() method has the following parameters:

db.getUser( "<username>", {
   showCredentials: <Boolean>,
   showCustomData: <Boolean>,
   showPrivileges: <Boolean>,
   showAuthenticationRestrictions: <Boolean>,
   filter: <document>
} )

Parameter	Type	Description
`username`	string	The name of the user for which to retrieve information.
`args`	document	Optional. A document specifying additional arguments.

The args document supports the following fields:

Field	Type	Description
`showCredentials`	boolean	Optional. Set to `true` to display the user's password hash. By default, this field is `false`.
`showCustomData`	boolean	Optional. Set to `false` to omit the user's `customData` from the output. By default, this field is `true`. New in version 5.2.
`showPrivileges`	boolean	Optional. Set to `true` to show the user's full set of privileges, including expanded information for the inherited roles. By default, this field is `false`. If viewing all users, you cannot specify this field.
`showAuthenticationRestrictions`	boolean	Optional. Set to `true` to show the user's authentication restrictions. By default, this field is `false`. If viewing all users, you cannot specify this field.
`filter`	document	Optional. A document that specifies `$match` stage conditions to return information for users that match the filter conditions.

db.getUser() wraps the usersInfo: <username> command.

For details on output, see usersInfo.

Required Access

To view another user's information, you must have the viewUser action on the other user's database.

Users can view their own information.

Examples

The following operations return information about an example appClient user in an accounts database:

use accounts
db.getUser("appClient")

Example output:

{
   _id: 'accounts.appClient',
   userId: UUID("1c2fc1bf-c4dc-4a22-8b04-3971349ce0dc"),
   user: 'appClient',
   db: 'accounts',
   roles: [],
   mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}

Omit Custom Data from Output

New in version 5.2: To omit a user's custom data from the db.getUser() output, set the showCustomData option to false.

Use the createUser command to create a user named accountAdmin01 on the products database:

db.getSiblingDB("products").runCommand( {
   createUser: "accountAdmin01",
   pwd: passwordPrompt(),
   customData: { employeeId: 12345 },
   roles: [ { role: 'readWrite', db: 'products' } ]
} )

The user contains a customData field of { employeeId: 12345 }.

To retrieve the user but omit the custom data from the output, run db.getUser() with showCustomData set to false:

db.getSiblingDB("products").getUser(
   "accountAdmin01",
   { showCustomData: false }
)

Example output:

{
   _id: 'products.accountAdmin01',
   userId: UUID("0955afc1-303c-4683-a029-8e17dd5501f4"),
   user: 'accountAdmin01',
   db: 'products',
   roles: [ { role: 'readWrite', db: 'products' } ],
   mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}

← db.dropAllUsers()db.getUsers() →