In 2.3 we ended up disallowing system table access for non-admin users for simplicity reasons.

Copying the original proposal from #5463 here:

• Read permissions on system tables will be assigned through the usual mechanism (i.e. the "rethinkdb" database is treated like any other database)
• Nobody can write to a system table, except for the admin user who can write to all system tables
• One exception from the rule: Users can update their own document in the users table, as long as they have read and write permissions on the users table as granted through the usual mechanism.

Note that operations such as r.table(...).config().update(...) or r.table(...).reconfigure(...) can still be performed by non-admin users, if the user has config permissions on the affected table.

Additionally we should filter jobs output so users only see their own queries unless they are admin.