mongodb · bgrabar · Dec 2, 2013
diff --git a/source/faq/concurrency.txt b/source/faq/concurrency.txt
@@ -161,7 +161,8 @@ the lock for a very short time:
 - :method:`rs.status()` (i.e. :dbcommand:`replSetGetStatus`),
 - :method:`db.serverStatus()`,
 - :method:`db.auth()`, and
-- :method:`db.addUser()`.
+
+.. todo does :method:`db.createUser()` lock the database?
 
 .. _faq-concurrency-lock-multiple-dbs:
 

diff --git a/source/includes/access-create-user.rst b/source/includes/access-create-user.rst
@@ -1,5 +1,7 @@
-To run |local-cmd-name|, a user must have access
-that includes the :authaction:`createUser` action on the database.
+A user must have :authaction:`createUser` :ref:`action
+<security-user-actions>` on a database to create a new user on that
+database.
 
-To grant a role to a new user, the user granting the role must have access
-that includes the :authaction:`grantRole` action on the role's database.
+A user must have the :authaction:`grantRole` :ref:`action
+<security-user-actions>` on a role's database to grant the role to another
+user.
diff --git a/source/includes/fact-change-password.rst b/source/includes/fact-change-password.rst
diff --git a/source/includes/ref-spec-security-methods.yaml b/source/includes/ref-spec-security-methods.yaml
@@ -1,7 +1,7 @@
 sources:
   - ref-toc-method-database.yaml
 files:
-  - /reference/method/db.addUser
+  - /reference/method/db.createUser
   - /reference/method/db.auth
   - /reference/method/db.changeUserPassword
 ...
diff --git a/source/includes/ref-toc-method-database.yaml b/source/includes/ref-toc-method-database.yaml
@@ -1,7 +1,3 @@
-name: ":method:`db.addUser()`"
-file: /reference/method/db.addUser
-description: "Adds a user to a database, and allows administrators to configure the user's privileges."
----
 name: ":method:`db.auth()`"
 file: /reference/method/db.auth
 description: "Authenticates a user to a database."

diff --git a/source/reference/command/createUser-field.yaml b/source/reference/command/createUser-field.yaml
@@ -1,4 +1,3 @@
-#content from this page is included in /reference/method/db.addUser-param.yaml
 #content from this page is included in /reference/method/db.createUser-param.yaml
 object:
   name: createUser

diff --git a/source/reference/method/db.addUser-param-2.2.yaml b/source/reference/method/db.addUser-param-2.2.yaml
diff --git a/source/reference/method/db.addUser-param.yaml b/source/reference/method/db.addUser-param.yaml
diff --git a/source/reference/mongo-shell.txt b/source/reference/mongo-shell.txt
@@ -494,7 +494,7 @@ administration:
      - Repair and compact the current database. This operation can be
        very slow on large databases.
 
-   * - :method:`db.addUser( \<user\>, \<pwd\> ) <db.addUser()>`
+   * - :method:`db.createUser( \<userDocument\>, \<writeConcern\> ) <db.createUser()>`
 
      - Add user to current database.
 

diff --git a/source/reference/program/mongo.txt b/source/reference/program/mongo.txt
@@ -184,7 +184,7 @@ Files
 
       :program:`mongo` does not recorded interaction related to
       authentication in the history file, including
-      :dbcommand:`authenticate` and :method:`db.addUser()`.
+      :dbcommand:`authenticate` and :method:`db.createUser()`.
 
    .. warning::
 

diff --git a/source/tutorial/access-mongo-shell-help.txt b/source/tutorial/access-mongo-shell-help.txt
@@ -64,11 +64,11 @@ Database Help
 - To see the implementation of a method in the shell, type the
   ``db.<method name>`` without the parenthesis (``()``), as in the
   following example which will return the implementation of the method
-  :method:`db.addUser()`:
+  :method:`db.createUser()`:
 
   .. code-block:: javascript
 
-     db.addUser
+     db.createUser
 
 .. _mongo-shell-help-collection:
 

diff --git a/source/tutorial/add-user-administrator.txt b/source/tutorial/add-user-administrator.txt
@@ -55,9 +55,13 @@ Create a User Administrator
 
    .. code-block:: javascript
 
-      db.addUser( { user: "<username>",
-                    pwd: "<password>",
-                    roles: [ "userAdminAnyDatabase" ] } )
+      db.createUser(
+        {
+            user: "<username>",
+            pwd: "<password>",
+            roles: [ "userAdminAnyDatabase" ]
+        }
+      )
 
 To authenticate as this user, you must authenticate against the
 ``admin`` database.

diff --git a/source/tutorial/add-user-to-database.txt b/source/tutorial/add-user-to-database.txt
@@ -4,72 +4,82 @@ Add a User to a Database
 
 .. default-domain:: mongodb
 
-To add a user to a database you must authenticate to that database as a
-user with the :authrole:`userAdmin` or :authrole:`userAdminAnyDatabase`
-role. If you have not first created a user with one of those roles, do
-so as described in :doc:`/tutorial/add-user-administrator`.
-
-When adding a user to multiple databases, you must define the user
-*for each database*. See :ref:`password-hashing-security` for
-important security information.
-
-To add a user, pass the :method:`db.addUser()` method a well formed
-:data:`privilege document <admin.system.roles.privileges>`  that contains the
-user's credentials and privileges. The :method:`db.addUser()` method
-adds the document to the database's :data:`system.users
-<admin.system.users>` collection.
-
-.. versionchanged:: 2.4
-
-   .. include:: /includes/fact-change-password.rst
-
-   To change a user's password in version
-   2.4 or newer, see :doc:`Change a User's Password
-   </tutorial/change-user-password>`.
+.. versionchanged:: 2.5.3
 
-.. TODO I took away a link because I didn't know exactly where
-   it should go. Also, wording on these 3 examples are not exactly right.
+.. Overview
+.. --------
 
-For the structure of a privilege document, see :data:`system.users
-<admin.system.users>`.
+.. todo This will be further updated per DOCS-2312
 
-.. example:: The following creates a user named ``Alice`` in the
-   ``products`` database and gives her ``readWrite`` and
-   ``dbAdmin`` privileges.
+Prerequisites
+-------------
 
-   .. code-block:: javascript
+.. todo This wording below is mostly placeholder. Will revisit when work on DOCS-2312
 
-      use products
-      db.addUser( { user: "Alice",
-                    pwd: "Moon1234",
-                    roles: [ "readWrite", "dbAdmin" ]
-                  } )
+.. include:: /includes/access-create-user.rst
 
-.. example:: The following creates a user named ``Bob`` in the
-   ``admin`` database. The :data:`privilege document
-   <admin.system.users>` uses Bob's credentials from the
-   ``products`` database and assigns him ``userAdmin`` privileges.
+A user with either the :authrole:`userAdmin` or :authrole:`userAdminAnyDatabase`
+role has both those :ref:`actions <security-user-actions>`.
 
-   .. code-block:: javascript
-
-      use admin
-      db.addUser( { user: "Bob",
-                    userSource: "products",
-                    roles: [ "userAdmin" ]
-                  } )
-
-.. example:: The following creates a user named ``Carlos`` in the
-   ``admin`` database and gives him ``readWrite`` access to the
-   ``config`` database, which lets him change certain settings for
-   sharded clusters, such as to disable the balancer.
-
-   .. code-block:: javascript
+If you have not first created a user with one of those roles, do
+so as described in :doc:`/tutorial/add-user-administrator`.
 
-      db = db.getSiblingDB('admin')
-      db.addUser( { user: "Carlos",
-                    pwd: "Moon1234",
-                    roles: [ "clusterAdmin" ],
-                    otherDBRoles: { config: [ "readWrite" ]
-                  } } )
+When adding a user to multiple databases, you must define the user
+*for each database*. See :ref:`password-hashing-security` for
+important security information.
 
-   Only the ``admin`` database supports the ``otherDBRoles`` field.
+To add a user and set the user's credentials and roles, use the
+:method:`db.createUser()` method.
+
+Procedure
+---------
+
+.. todo These are just examples for now. Procedures coming ...
+
+The following creates ``accountUser`` in the ``products`` database
+and gives the user the ``readWrite`` and ``dbAdmin`` roles.
+
+.. code-block:: javascript
+
+   use products
+   db.createUser(
+      {
+        user: "accountUser",
+        pwd: "password",
+        roles: [ "readWrite", "dbAdmin" ]
+      }
+   )
+
+The following creates a user named ``reportsUser`` in the ``admin``
+database but does not yet assign roles:
+
+.. code-block:: javascript
+
+   use admin
+   db.createUser(
+      {
+        user: "reportsUser",
+        pwd: "password",
+        roles: [ ]
+      }
+   )
+
+The following creates a user named ``appAdmin`` in the
+``admin`` database and gives the user ``readWrite`` access to the
+``config`` database, which lets the user change certain settings for
+sharded clusters, such as to the balancer setting.
+
+.. code-block:: javascript
+
+   db = db.getSiblingDB('admin')
+   db.createUser(
+      {
+        user: "appAdmin",
+        pwd: "password",
+        roles:
+          [
+            "clusterAdmin",
+            { db: "config", role: "readWrite" }
+          ]
+      }
+   )
diff --git a/source/tutorial/control-access-to-mongodb-with-kerberos-authentication.txt b/source/tutorial/control-access-to-mongodb-with-kerberos-authentication.txt
@@ -69,17 +69,19 @@ you must create a corresponding user document in the
 :data:`system.users <admin.system.users>` collection to provision
 access for the user.
 
-In the :program:`mongo` shell you can pass the :method:`db.addUser()`
+In the :program:`mongo` shell you can pass the :method:`db.createUser()`
 a user privilege document to provision access to users, as in the
 following operation:
 
 .. code-block:: javascript
 
    db = db.getSiblingDB("$external")
-   db.addUser( {
-                 "user": "application/[email protected]",
-                 "roles": [ { "role":"read", db:"records"} ]
-               } )
+   db.createUser(
+      {
+        user: "application/[email protected]",
+        roles: [ { role: "read", db: "records"} ]
+      }
+   )
 
 This grants the Kerberos user principal
 ``application/[email protected]`` read-only access to the