There are many ways to reproduce this. The simplest is:
Create a patient
Add Admin as a collaborator to it, with any access level, e.g. 'edit' (either from the UI or via REST, doesn't matter)
Expected: Collaborator 'Admin' appears with 'edit' access level, as it was recorded
Actual: Collaborator 'Admin' appears with 'owner' access level
This behavior appears to be intentional and there probably was a good reason behind this choice originally. However, it creates issues with using the RESTful API for managing permissions from the UI (), since the collaborator levels that are read via GET do not always correspond to the collaborator levels recorded.