Presently when a user connects to a MongoDB cluster mongosh will execute several command helpers. Unless the users have specific privileges these commands will trigger several unauthorised messages similar to below:

{"msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { getParameter: 1, featureCompatibilityVersion: 1, apiVersion: \"1\"... $db: \"admin\" }"}}}

This causes issues for some security monitoring applications, and requires the security monitoring application to be filtered to ignore these events.

A similar issue is described in the Jira ticket: https://jira.mongodb.org/browse/MONGOSH-1298