Description
A user with dbAdmin access is allowed to rename the system.users collection. They are also allowed to rename any collection to system.users (if there is not currently a collection there). This makes it possible to change user permissions without having userAdmin rights.