Users should be able to define custom roles, which can be assigned to database users.
All targeted queries will fail with db-level auth if primary shard is unavailable.
access control per collection
Auth credentials should be invalidated when user is removed
Introduce a built-in role for taking backups of nodes
Document : User Defined Roles