If you set
default_bundle_access_level = _CA_BUNDLE_ACCESS_READONLY_
in app.conf (which probably no one has ever done) you also end up with readonly bundles in places like the display, UI and metadata element editors, even for administrators. I guess this is because they all descend from BundlableLabelableBaseModelWithAttributes also they’re not really bundlable and can’t take attributes. So technically this makes sense but it’s not really practical. We’d have to add all these to the bundle-level access control configuration screen to enable access for certain roles.
I think we should somehow exclude those from checks in ca_users::getBundleAccessLevel() and whereever else this is being decided because if someone doesn’t want a certain role to have access to UIs or metadata elements, he’ll restrict that via user actions and not on bundle level. I don’t know if there’s a good criterion to filter those. Probably something like the BOUNDS_CHOICE_LIST for the table_num field in ca_metadata_type_restrictions.