Discussed this with @VeXocide and this is what we came up with:

• Read permissions on system tables will be assigned through the usual mechanism (i.e. the "rethinkdb" database is treated like any other database)
• Nobody can write to a system table, except for the admin user who can write to all system tables
• One exception from the rule: Users can update their own document in the users table, as long as they have read and write permissions on the users table as granted through the usual mechanism.

Note that operations such as r.table(...).config().update(...) or r.table(...).reconfigure(...) can still be performed by non-admin users, if the user has config permissions on the affected table.