Introduce cycle
db.createRole({role:"A",privileges:[],roles:[]})
db.createRole({role:"B",privileges:[],roles:["A"]})
db.system.roles.update({_id:"admin.A"},{$addToSet:{roles:{"role":"B","db":"admin"}}})
Now it is possible to introduce another cycle
db.createRole({role:"C",privileges:[],roles:[]})
db.createRole({role:"D",privileges:[],roles:["C"]})
db.grantRolesToRole("C","D")
Description
If there is a cycle in the role graph the cycle prevention does not work properly for updateRoles and grantRolesToRole.