User with data writer role is able to modify _system scope

Issue

As per my understanding only full admin users are allowed to manipulate _system scope. However, I am able to modify content of _system._query collection using Data writer role.
Following change was made to allow only read access to _system scope for bucket_full_access rbac role - https://review.couchbase.org/c/ns_server/+/174907. I guess similar change must be done for Data writer role as well.

Steps

These are the steps which I used to repro this issue -

1. Create an rbac user named abcd having following roles -

   Manage Scope Functions [*:*] , Data Writer [src_bucket:*:*] , Data Writer [metadata:*:*] , Data Reader [src_bucket:*:*] , Data Reader [metadata:*:*] , Data DCP Reader [src_bucket:*:*] , Data DCP Reader [metadata:*:*]

2. Login as user abcd.
3. Create an Eventing function which listens to changes at src_bucket._default._default collection and writes data to src_bucket._system._query collection.
4. Load some data to src_bucket._default._default collection.

Observation

Write operations to _system scope succeed even though user has non full admin access.