db.printSlaveReplicationInfo bases all output on the information obtained via replSetGetStatus (so this is the only privilege it should need) but requires local.system.* access privileges to actually complete.

RE: https://github.com/mongodb/mongo/blob/r3.2.6/src/mongo/shell/db.js#L1024

It appears a simple flight check verifies if the member it is run against is in a replica-set. It could just issue the replSetGetStatus command instead and determine action on the result rather than attempting to query a "system" namespace.