That would make sense too.
Or even just adding a more specific error to this.
E.g. instead of raising the InvalidAccess error with the (en) message: You are not permitted to view the requested resource.
Create a InsufficientTrustLevel error (perhaps as a subclass of InvalidAccess) with a (en) message: You do not have the required trust level to view the requeted resource. At least then admins can know it’s a TL issue and not a bug.
Some notes on where this stuff is defined in the codebase
I can make a PR for that if it it seems like the way to go.