For compatibility with old versions of the shell, db.addUser("user", "password") should create a super-user.

On databases other than "admin", db.addUser("user", "password") will be equivalent to

db.addUser({user: "user", pwd: "password", roles: ["dbOwner"]})

. The dbOwner builtin database role will be the union of the "dbAdmin", "readWrite" and "userAdmin" roles.

On databases other than "admin", db.addUser("user", "password", true) will be equivalent to

db.addUser({user: "user", pwd: "password", roles: ["read"]})

. The read builtin database role will be the same as existed in MongoDB 2.4 and prior.

On the "admin" database, db.addUser("user", "password") will be equivalent to

db.addUser({user: "user", pwd: "password", roles: ["root"]})

. The root builtin admin role will have extensive access, as in MongoDB 2.4.

On the "admin" database, db.addUser("user", "password", true) will be equivalent to

db.addUser({user: "user", pwd: "password", roles: ["readAnyDatabase"]})

. The readAnyDatabase role will have read access to any database. This is a reduction in privilege compared to MongoDB 2.4, which may be remediated through the use of user-defined roles.

Any use of these 2- and 3-argument forms of db.addUser() will cause the shell to display a warning message to the user, and may cause the server to write a warning message to the startupWarnings log and perhaps the diagnostic log, indicating that this form is deprecated, and will be removed in a future release of MongoDB.

There will be no db.addUser("user", "password", [roles]) form of the addUser command in 2.6.