Rules for objects from a CPDataDomain?
While learning how to deal with MDSs via the management API, I've run across some interesting behavior with objects from a domain of type "CPDataDomain" or "data domain" (these appear to be different values for the same internal object type).
[Expert@TestMDS:0]# aolUuid="97aeb44f-9aea-11d5-bd16-0090272ccb30"
[Expert@TestMDS:0]# mgmt_cli -f json -r true -d "Contoso" show object uid "${aolUuid}" details-level full | jq '.object|{domain:.domain,color:.color}'
{
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "red"
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true -d "ParnellAero" show object uid "${aolUuid}" details-level full | jq '.object|{domain:.domain,color:.color}'
{
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "red"
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true -d "Contoso" set service-tcp uid "${aolUuid}" color black >/dev/null
---------------------------------------------
Time: [15:19:36] 14/6/2024
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@TestMDS:0]# mgmt_cli -f json -r true -d "Contoso" show object uid "${aolUuid}" details-level full | jq '.object|{domain:.domain,color:.color}'
{
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "black"
}
[Expert@TestMDS:0]# mgmt_cli -f json -r true -d "ParnellAero" show object uid "${aolUuid}" details-level full | jq '.object|{domain:.domain,color:.color}'
{
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "red"
}
Even though these both have the same UUID, clearly they are not the same object like you would see from the Global domain.
What does the data domain signify? It looks like when a domain is instantiated, it gets local copies of all of the objects from the data domain, but those copies still show as belonging to the data domain. Is this significant?
Are there any things we can do with objects created from scratch in the domain which we can't do with objects copied from the data domain? What about the other way around?
Accepted Solutions
Objects from "Check Point Data" domain are default objects that are shared by all other domains and in most cases cannot be edited.
In the case of services, there is a field called "override-default-settings" that indicates whether this service is a Data Domain service which has been overridden (meaning a local copy has been created in the specific domain with changes from the default settings).
Interesting! I just dumped all the objects in an empty CMA (I created it on the MDS, but never created any objects in it), filtered them down to just the domain and type, sorted them, and deduplicated.
[Expert@TestMDS:0]# jq -c '{domain:.domain.name,type:.type}' <objects.jsonl | sort | uniq -c
8198 {"domain":"APPI Data","type":"application-site"}
171 {"domain":"APPI Data","type":"application-site-category"}
1 {"domain":"Check Point Data","type":"ApproveUserCheckInteractionScheme"}
5 {"domain":"Check Point Data","type":"AskUserCheckInteractionScheme"}
1 {"domain":"Check Point Data","type":"CancelUserCheckInteractionScheme"}
4 {"domain":"Check Point Data","type":"CpmiAppfwLimit"}
1 {"domain":"Check Point Data","type":"CpmiCustomDataType"}
1 {"domain":"Check Point Data","type":"Internet"}
1 {"domain":"Check Point Data","type":"application-site-category"}
1 {"domain":"Check Point Data","type":"data-center-server"}
6 {"domain":"Check Point Data","type":"dynamic-object"}
2 {"domain":"Check Point Data","type":"multicast-address-range"}
1 {"domain":"Check Point Data","type":"network"}
5 {"domain":"Check Point Data","type":"repository-script"}
4 {"domain":"Check Point Data","type":"security-zone"}
1 {"domain":"Check Point Data","type":"service-citrix-tcp"}
4 {"domain":"Check Point Data","type":"service-compound-tcp"}
23 {"domain":"Check Point Data","type":"service-dce-rpc"}
52 {"domain":"Check Point Data","type":"service-group"}
10 {"domain":"Check Point Data","type":"service-gtp"}
13 {"domain":"Check Point Data","type":"service-icmp"}
24 {"domain":"Check Point Data","type":"service-icmp6"}
43 {"domain":"Check Point Data","type":"service-other"}
18 {"domain":"Check Point Data","type":"service-rpc"}
217 {"domain":"Check Point Data","type":"service-tcp"}
96 {"domain":"Check Point Data","type":"service-udp"}
3 {"domain":"Check Point Data","type":"time"}
4 {"domain":"Check Point Data","type":"user-check-drop"}
1 {"domain":"Empty","type":""}
1 {"domain":"Empty","type":"AskUserCheckInteractionScheme"}
1 {"domain":"Empty","type":"CancelUserCheckInteractionScheme"}
3 {"domain":"Empty","type":"CertificateTemplateUserCheckInteractionScheme"}
109 {"domain":"Empty","type":"CpmiCompoundDataType"}
6 {"domain":"Empty","type":"CpmiCustomDataType"}
150 {"domain":"Empty","type":"CpmiDictionaryDataType"}
6 {"domain":"Empty","type":"CpmiDlpUserCheckInteractionScheme"}
1 {"domain":"Empty","type":"CpmiExternalBccDataType"}
26 {"domain":"Empty","type":"CpmiFileDataType"}
34 {"domain":"Empty","type":"CpmiGroupDataType"}
1 {"domain":"Empty","type":"CpmiInternalCaServer"}
2 {"domain":"Empty","type":"CpmiMessageAttributesDataType"}
22 {"domain":"Empty","type":"CpmiNcodeDataType"}
274 {"domain":"Empty","type":"CpmiPatternDataType"}
16 {"domain":"Empty","type":"CpmiTemplateBasedDataType"}
2 {"domain":"Empty","type":"CpmiUnintentionalRecipientDataType"}
23 {"domain":"Empty","type":"CpmiWeightedWordsDataType"}
100 {"domain":"Empty","type":"CpmiWordsDataType"}
2 {"domain":"Empty","type":"InformUserCheckInteractionScheme"}
2 {"domain":"Empty","type":"address-range"}
1 {"domain":"Empty","type":"checkpoint-host"}
1 {"domain":"Empty","type":"network"}
1 {"domain":"Empty","type":"user-check-drop"}
1 {"domain":"Empty","type":"user-template"}
1 {"domain":"Empty","type":"vpn-community-meshed"}
1 {"domain":"Empty","type":"vpn-community-remote-access"}
18 {"domain":"IPS Data","type":"service-dce-rpc"}
2 {"domain":"IPS Data","type":"service-group"}
So some User Check schemes are from a data domain, some are copied into the CMA when it's built. Most DLP data types are copied into the CMA when it's built, but one comes from a data domain. In case anybody is curious about exactly which objects are from the data domain:
[Expert@TestMDS:0]# jq -c 'if .domain.name == "Check Point Data" then {readOnly:."read-only",type:.type,name:.name} else empty end' <objects.jsonl | grep -v '"type":"service' | sort
{"readOnly":false,"type":"data-center-server","name":"Online Services"}
{"readOnly":null,"type":"ApproveUserCheckInteractionScheme","name":"Threat Extraction Success Page"}
{"readOnly":null,"type":"AskUserCheckInteractionScheme","name":"Company Policy Anti-Bot"}
{"readOnly":null,"type":"AskUserCheckInteractionScheme","name":"Company Policy Anti-Virus"}
{"readOnly":null,"type":"AskUserCheckInteractionScheme","name":"Company Policy Threat Emulation"}
{"readOnly":null,"type":"AskUserCheckInteractionScheme","name":"Company Policy Threat Extraction"}
{"readOnly":null,"type":"AskUserCheckInteractionScheme","name":"Company Policy Zero Phishing"}
{"readOnly":null,"type":"CancelUserCheckInteractionScheme","name":"Cancel Page Threat Prevention"}
{"readOnly":null,"type":"CpmiAppfwLimit","name":"Download_10Mbps"}
{"readOnly":null,"type":"CpmiAppfwLimit","name":"Download_1Gbps"}
{"readOnly":null,"type":"CpmiAppfwLimit","name":"Upload_10Mbps"}
{"readOnly":null,"type":"CpmiAppfwLimit","name":"Upload_1Gbps"}
{"readOnly":null,"type":"CpmiCustomDataType","name":"Any File"}
{"readOnly":null,"type":"Internet","name":"Internet"}
{"readOnly":true,"type":"application-site-category","name":"Custom_Application_Site"}
{"readOnly":true,"type":"dynamic-object","name":"AuxiliaryNet"}
{"readOnly":true,"type":"dynamic-object","name":"CPDShield"}
{"readOnly":true,"type":"dynamic-object","name":"DMZNet"}
{"readOnly":true,"type":"dynamic-object","name":"InternalNet"}
{"readOnly":true,"type":"dynamic-object","name":"LocalMachine"}
{"readOnly":true,"type":"dynamic-object","name":"LocalMachine_All_Interfaces"}
{"readOnly":true,"type":"multicast-address-range","name":"All_DHCPv6_Relay_Agents_and_Servers"}
{"readOnly":true,"type":"multicast-address-range","name":"All_DHCPv6_Servers"}
{"readOnly":true,"type":"network","name":"IPv6_Link_Local_Hosts"}
{"readOnly":true,"type":"repository-script","name":"List Check Point Services"}
{"readOnly":true,"type":"repository-script","name":"Show Assets"}
{"readOnly":true,"type":"repository-script","name":"Show Configuration"}
{"readOnly":true,"type":"repository-script","name":"Show OS Info"}
{"readOnly":true,"type":"repository-script","name":"Show Policy Status"}
{"readOnly":true,"type":"security-zone","name":"DMZZone"}
{"readOnly":true,"type":"security-zone","name":"ExternalZone"}
{"readOnly":true,"type":"security-zone","name":"InternalZone"}
{"readOnly":true,"type":"security-zone","name":"WirelessZone"}
{"readOnly":true,"type":"time","name":"Every_Day"}
{"readOnly":true,"type":"time","name":"Off_Work"}
{"readOnly":true,"type":"time","name":"Weekend"}
{"readOnly":true,"type":"user-check-drop","name":"Anti-Bot Blocked"}
{"readOnly":true,"type":"user-check-drop","name":"Anti-Virus Blocked"}
{"readOnly":true,"type":"user-check-drop","name":"Threat Emulation Blocked"}
{"readOnly":true,"type":"user-check-drop","name":"Zero Phishing Blocked"}
I'm guessing the ones without a "read-only" key (the rows which show as "readOnly":null above) are object types which aren't fully integrated into the API as of R81.20 jumbo 65, so I should default the read-only key to true if it can't be found.
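Putting the accepted answer (the override-default-settings flag on services) together with the read-only question from the dump above, here is an added audit script. It is example code written for this page, not from the post or from Check Point. It reads per-line JSON object dumps in the shape of objects.jsonl (one dump per domain) and (1) classifies every object as local, an untouched data-domain default, or an overridden default, defaulting a missing read-only key to true as suggested above, and (2) diffs the data-domain objects two domains share by UID, which generalises the Contoso/ParnellAero comparison. The two sample dumps are constructed: the UIDs other than the AOL one are invented, the objects are trimmed to the keys the audit reads, and the assumption that the Contoso copy of AOL carries override-default-settings true after the colour change is made for the sample only.

```python
"""Audit Check Point data-domain objects across MDS domains.

Input is a per-line JSON dump per domain, as produced by the management API
(`show objects details-level full`, one object per line, like objects.jsonl).
"""
import json
from collections import Counter

# Constructed sample dumps for two domains. Only the AOL UID comes from the
# post; everything else (UIDs, flag values) is invented for this example.
CONTOSO_JSONL = """\
{"uid":"97aeb44f-9aea-11d5-bd16-0090272ccb30","name":"AOL","type":"service-tcp","port":"5190","color":"black","read-only":false,"override-default-settings":true,"domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"11111111-1111-1111-1111-111111111111","name":"http","type":"service-tcp","port":"80","color":"red","read-only":false,"override-default-settings":false,"domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"22222222-2222-2222-2222-222222222222","name":"AuxiliaryNet","type":"dynamic-object","color":"blue","read-only":true,"domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"33333333-3333-3333-3333-333333333333","name":"Internet","type":"Internet","domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"44444444-4444-4444-4444-444444444444","name":"corp-app-8443","type":"service-tcp","port":"8443","color":"green","read-only":false,"override-default-settings":false,"domain":{"name":"Contoso","domain-type":"domain"}}
"""
PARNELL_JSONL = """\
{"uid":"97aeb44f-9aea-11d5-bd16-0090272ccb30","name":"AOL","type":"service-tcp","port":"5190","color":"red","read-only":false,"override-default-settings":false,"domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"11111111-1111-1111-1111-111111111111","name":"http","type":"service-tcp","port":"80","color":"red","read-only":false,"override-default-settings":false,"domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"22222222-2222-2222-2222-222222222222","name":"AuxiliaryNet","type":"dynamic-object","color":"blue","read-only":true,"domain":{"name":"Check Point Data","domain-type":"data domain"}}
{"uid":"33333333-3333-3333-3333-333333333333","name":"Internet","type":"Internet","domain":{"name":"Check Point Data","domain-type":"data domain"}}
"""

# Fields that legitimately differ between domains (timestamps, modifier) and
# must not be reported as drift.
IGNORED_FIELDS = {"meta-info"}


def load_dump(jsonl_text):
    """Parse a per-line JSON dump into {uid: object}."""
    return {obj["uid"]: obj
            for obj in (json.loads(line) for line in jsonl_text.splitlines() if line.strip())}


def is_data_domain(obj):
    return obj.get("domain", {}).get("domain-type") == "data domain"


def effective_read_only(obj):
    """Object types not fully exposed through the API omit "read-only".
    Treat a missing key as read-only (not editable) rather than as editable."""
    return obj.get("read-only", True)


def classify(obj):
    """local | overridden default | default (editable) | default (read-only)."""
    if not is_data_domain(obj):
        return "local"
    if obj.get("override-default-settings"):
        return "overridden default"
    return "default (read-only)" if effective_read_only(obj) else "default (editable)"


def summarize(dump):
    """Count objects per classification."""
    return dict(Counter(classify(obj) for obj in dump.values()))


def overridden_defaults(dump):
    """Names of data-domain objects this domain has overridden locally."""
    return sorted(obj["name"] for obj in dump.values()
                  if classify(obj) == "overridden default")


def missing_read_only(dump):
    """Names of objects whose API representation carries no "read-only" key."""
    return sorted(obj["name"] for obj in dump.values() if "read-only" not in obj)


def diff_data_domain_objects(dump_a, dump_b, ignore=IGNORED_FIELDS):
    """Compare the data-domain objects two domains share by UID.

    Returns {uid: {field: (value_in_a, value_in_b)}} for every field whose
    value differs; an empty dict means the shared defaults are identical.
    """
    diffs = {}
    for uid in dump_a.keys() & dump_b.keys():
        a, b = dump_a[uid], dump_b[uid]
        if not (is_data_domain(a) and is_data_domain(b)):
            continue
        changed = {field: (a.get(field), b.get(field))
                   for field in (a.keys() | b.keys()) - ignore
                   if a.get(field) != b.get(field)}
        if changed:
            diffs[uid] = changed
    return diffs


if __name__ == "__main__":
    contoso, parnell = load_dump(CONTOSO_JSONL), load_dump(PARNELL_JSONL)
    print("Contoso:", summarize(contoso))
    print("overridden in Contoso:", overridden_defaults(contoso))
    print("no read-only key:", missing_read_only(contoso))
    for uid, changed in diff_data_domain_objects(contoso, parnell).items():
        print(uid, changed)
```

To run it against real domains, replace the two sample strings with the contents of one objects.jsonl per domain; the diff only looks at objects whose domain-type is "data domain", so local objects that happen to share a UID across domains are never compared.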
