When a grantRolesToUser or revokeRolesFromUser command is run on a mongos, the mongos does not check whether the entry in the user cache for that user is out of date. It can thus overwrite role changes that were made from another mongos.
In systems where users are administered via multiple mongos, some changes may not persist and may be overwritten. This can lead to users not having the correct permissions.
Modify users only via a single mongos if possible. If that is not an option, calling the invalidateUserCache command before making any role changes will minimize the risk of overwriting changes from another mongos (but not completely avoid it due to the existing race condition).
Versions 2.6.0 and 2.6.1 were affected by this bug.
The patch is included in the 2.6.2 production release.
mongos now ensures that the cache entry for a user document is up to date before updating a user.
Currently it is possible to get into a situation where a user's roles are changed on one mongos, then another mongos receives a grantRolesToUser command and $sets the user's roles to a value based on out-of-date information about the roles the user already has.
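The lost update described above can be reproduced in a small model. This is an added example, not MongoDB source code: the `ConfigStore` and `Mongos` classes, the `scenario` function, and the user and role values are constructed for illustration, and only the method names mirror the real commands.

```javascript
// Constructed model: one shared user store, and a private user cache per mongos.
class ConfigStore {
  constructor() { this.users = new Map(); }
  getRoles(user) { return [...(this.users.get(user) || [])]; }
  setRoles(user, roles) { this.users.set(user, [...roles]); }
}

class Mongos {
  constructor(store, refreshBeforeUpdate) {
    this.store = store;
    this.refreshBeforeUpdate = refreshBeforeUpdate; // true models the fixed behaviour
    this.cache = new Map();
  }
  cachedRoles(user) {
    // Populate the cache on first access, then keep serving the cached copy.
    if (!this.cache.has(user)) this.cache.set(user, this.store.getRoles(user));
    return this.cache.get(user);
  }
  invalidateUserCache() { this.cache.clear(); }
  grantRolesToUser(user, roles) {
    if (this.refreshBeforeUpdate) this.cache.delete(user); // force a fresh read
    const merged = [...new Set([...this.cachedRoles(user), ...roles])];
    this.store.setRoles(user, merged); // $set of the whole roles array
    this.cache.set(user, merged);
  }
}

// Mongos B caches the user, mongos A grants a role, then B grants another role.
function scenario(refreshBeforeUpdate, invalidateFirst) {
  const store = new ConfigStore();
  store.setRoles("alice", ["read"]);
  const a = new Mongos(store, refreshBeforeUpdate);
  const b = new Mongos(store, refreshBeforeUpdate);
  b.cachedRoles("alice");                    // B now holds ["read"]
  a.grantRolesToUser("alice", ["dbAdmin"]);  // change made via A
  if (invalidateFirst) b.invalidateUserCache(); // the documented workaround
  b.grantRolesToUser("alice", ["readWrite"]);
  return store.getRoles("alice").sort();
}

console.log("affected:  ", scenario(false, false));
console.log("workaround:", scenario(false, true));
console.log("fixed:     ", scenario(true, false));
```

The model runs the steps sequentially, so it does not show the remaining window between invalidateUserCache and the role change that the workaround leaves open.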