SERVER-9518, users stored in a server's user cache can be authenticated without taking a database lock or performing network operations. By marking certain users as "pinned" to the cache, we can guarantee that even when the database locks are wedged those users can still log into the system.
Proposal: Add an optional field, "critical", which when true marks the user as one that should be pinned to the user cache at startup.
Alternative: Define a system role, possession of which marks the user as one that should be pinned to the user cache at startup. This approach implies that you would have to resolve indirect roles for users when choosing which ones to pin.