diff --git a/source/includes/extracts-access-eval.yaml b/source/includes/extracts-access-eval.yaml
new file mode 100644
index 00000000000..8650e5c1337
--- /dev/null
+++ b/source/includes/extracts-access-eval.yaml
@@ -0,0 +1,22 @@
+ref: access-eval-applyOps
+inherit:
+  ref: _access-eval
+  file: extracts-parent-access-eval.yaml
+replacement:
+  eval-object: ":dbcommand:`applyOps`"
+---
+ref: access-eval-copyTo
+inherit:
+  ref: _access-eval
+  file: extracts-parent-access-eval.yaml
+replacement:
+  eval-object: ":method:`db.collection.copyTo()`"
+
+---
+ref: access-eval-eval
+inherit:
+  ref: _access-eval
+  file: extracts-parent-access-eval.yaml
+replacement:
+  eval-object: ":dbcommand:`eval`"
+...  
\ No newline at end of file
diff --git a/source/includes/extracts-parent-access-eval.yaml b/source/includes/extracts-parent-access-eval.yaml
new file mode 100644
index 00000000000..4b6792157ab
--- /dev/null
+++ b/source/includes/extracts-parent-access-eval.yaml
@@ -0,0 +1,9 @@
+ref: _access-eval
+content: |
+  If authorization is enabled, you must have access to all actions on
+  all resources in order to run |eval-object|. Providing such access
+  is not recommended, but if your organization requires a user to run
+  |eval-object|, create a role that grants :authaction:`anyAction` on
+  :ref:`resource-anyresource`. Do not assign this role to any other
+  user.
+...