Create a replicaset. Create a collection on the admin database. Create a role which inherits from other roles. Grant the role to a user. Create an index on the collection using the createIndex command. Connect to a secondary, and authenticate as the user. The user will have no privileges granted from transitively inherited roles. The secondary will include the following statement in its logs:
The RoleGraph update procedure observes a command affecting the admin database which it doesn't understand. As a result, it disables role transitivity. It should be taught that createIndex on a collection other than system.roles is safe.