- Type: Bug
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: Aggregation Framework, Security
- None
- ALL
While the implementation of $out involves creating a temporary collection and creating indexes thereon, the end effect is equivalent to doing inserts and removes on the target collection. Therefore, it seems that the correct privileges for the $out target namespace, "target", are ActionType::remove and ActionType::insert only. Since create-collection is implicit in ActionType::insert, those should be sufficient privileges.
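The privilege set described above can be checked mechanically against a role definition. The following is an added example, not code from the MongoDB server or from this ticket: it derives the privileges an aggregation ending in $out would need under the ticket's proposal and flags missing or excess actions in a role document. The function names, role names, the "test" database and the "source" collection are hypothetical, the "find" requirement on the source namespace is an assumption beyond the ticket text, and resources are matched by exact namespace only.

```javascript
// Added example (hypothetical helper names). Models the ticket's proposal:
// $out needs only "insert" and "remove" on the target namespace; the temporary
// collection and its indexes are implementation details that need no grant.
function requiredPrivileges(dbName, sourceColl, pipeline) {
  // Assumption: reading the source collection needs "find".
  const required = [{ resource: { db: dbName, collection: sourceColl }, actions: ["find"] }];
  const last = pipeline[pipeline.length - 1];
  if (last && typeof last.$out === "string") {
    required.push({ resource: { db: dbName, collection: last.$out }, actions: ["insert", "remove"] });
  }
  return required;
}

// Compare a role document (the shape db.createRole accepts) with the required set.
// Simplification: exact namespace match only, no wildcard or inherited roles.
function auditRole(role, required) {
  const key = (r) => `${r.db}.${r.collection}`;
  const granted = new Map();
  for (const p of role.privileges) {
    const k = key(p.resource);
    granted.set(k, new Set([...(granted.get(k) || []), ...p.actions]));
  }
  const missing = [], excess = [];
  for (const req of required) {
    const have = granted.get(key(req.resource)) || new Set();
    for (const a of req.actions) if (!have.has(a)) missing.push(`${a}@${key(req.resource)}`);
    for (const a of have) if (!req.actions.includes(a)) excess.push(`${a}@${key(req.resource)}`);
  }
  return { authorized: missing.length === 0, missing, excess };
}

// Constructed sample data.
const pipeline = [{ $match: { status: "A" } }, { $out: "target" }];
const required = requiredPrivileges("test", "source", pipeline);
const leastPrivilegeRole = { role: "outWriter", privileges: required, roles: [] };
const broadRole = { role: "outWriterBroad", roles: [], privileges: [
  { resource: { db: "test", collection: "source" }, actions: ["find"] },
  { resource: { db: "test", collection: "target" },
    actions: ["insert", "remove", "createCollection", "createIndex", "dropCollection"] } ] };
const noRemoveRole = { role: "insertOnly", roles: [], privileges: [
  { resource: { db: "test", collection: "source" }, actions: ["find"] },
  { resource: { db: "test", collection: "target" }, actions: ["insert"] } ] };

console.log(auditRole(leastPrivilegeRole, required));
console.log(auditRole(broadRole, required));
console.log(auditRole(noRemoveRole, required));
```

The excess list for the broad role is what a least-privilege review of roles used for $out would trim.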