Create two users: one with role restore, one with role readWriteAnyDatabase. Attempt to run an insert on system.js with bypassDocumentValidation=true on each user If auth is enabled, one should succeed, and the other will fail. > db.createUser({user: "ted" , pwd: "ted" , roles: [{role: "root" , db: "admin" }]}) Successfully added user: { "user" : "ted" , "roles" : [ { "role" : "root" , "db" : "admin" } ] } > db.auth( "ted" , "ted" ) 1 > db.createUser({user: "dave" , pwd: "dave" , roles: [{role: "restore" , db: "admin" }]})db.createUser({user: "pj" , pwd: "pj" , roles: [{role: "readWriteAnyDatabase" , db: "admin" }]})Successfully added user: { "user" : "dave" , "roles" : [ { "role" : "restore" , "db" : "admin" } ] } > dbdb.createUser({user: "pj" , pwd: "pj" , roles: [{role: "readWriteAnyDatabase" , db: "admin" }]}) Successfully added user: { "user" : "pj" , "roles" : [ { "role" : "readWriteAnyDatabase" , "db" : "admin" } ] } > db.auth( "dave" , "dave" ) 1 > use test switched to db test > db.runCommand({insert: "system.js" , documents:[{_id: "func2" , value:function(k){ return k;}}], bypassDocumentValidation: true }) { "n" : 1, "ok" : 1 } > use admin switched to db admin > db.auth( "pj" , "pj" ) 1 > use test switched to db test > db.runCommand({insert: "system.js" , documents:[{_id: "func3" , value:function(k){ return k;}}], bypassDocumentValidation: true }) { "ok" : 0, "errmsg" : "not authorized on test to execute command { insert: \" system.js\ ", bypassDocumentValidation: true , lsid: { id: UUID(\" 993eb0b0-3859-4113-9829-03cdbd30db3d\ ") }, $db: \" test\ " }" , "code" : 13, "codeName" : "Unauthorized" }