The action type configureQueryAnalyzer was added to the dbAdmin role according to the design for shard key metrics.]. However, the configureQueryAnalyzer command should not be permitted to run by users authenticated by Server Token (i.e. in multi-tenant situations). 

The action type was added to serverlessActionType lists in SERVER-69653 in order to pass tests in native_tenant_data_isolation_with_security_token_jscore_passthrough test suite, but should ultimately be removed and excluded from permissions for multi-tenant users.