After SERVER-31810, the applyOps command will require elevated privileges when applying operations containing UUIDs. Tools wanting to apply these operations will need to either run with the 'restore' or equivalent custom role, or strip the UUIDs from the operations to emulate 3.4 behavior.

In order to allow non-restore users to apply operations to collections they control and are otherwise authorized to manipulate, the privilege checks on the applyOps command must made aware of how UUIDs can be used in ops, and which privileges are required to interact with them.