I think I've finally figured out one of my "hangups" regarding permissions and how I think things should work from how they actually do work.
For some reason, my brain has put together permissions and "privacy groups" - as if privacy groups should have the ability to administer security settings rather than needing to go into each individual connection and change settings (which, frankly, is a big pain if I have more than a few connections and want to group their permissions).
Is there any means or mechanism to group connections into some sort of "permissions groups" - and/or is there an architectural reason that "privacy groups" do not fill this role? Or is it merely an implementation thing (nobody has picked up the ball)?
One thought would be that the permissions for an individual connection would be determined as follows:
(({CHANNEL PERMISSIONS} OR {PRIVACY GROUP OVERRIDES "YES"}) XOR
({PRIVACY GROUP OVERRIDES "NO"} OR {CONNECTION OVERRIDE "NO"})) OR {CONNECTION OVERRIDE YES}
The clear issue is what about connections in multiple privacy groups? Do we default to "allow", do we default to "deny", or how do we resolve conflicts? The above "formula" would keep conflicts to a minimum - and if conflicts occur at the "privacy group" level, they could be resolved at the "connection" level.
The thought is to use 3 "options" per permission category (NO) (INHERIT) (YES). The default setting for all of them would be "inherit" - so everything would simply be inherited from the CHANNEL PERMISSION settings. Then you have "OVERRIDE NO" and "OVERRIDE YES" as options as well. This could be "hidden" as an advanced feature. Ultimately, things would work as they do now by default (except maybe you COULD override the inherited values from the CHANNEL SETTINGS).
----
Anyway, this is really nothing other than thinking out loud and throwing out a discussion starter or a breadcrumb for anyone with time and inclination... perhaps (and likely) the discussion has been hashed, rehashed, rerehashed to death - in which case, I'm sorry - just pat me on the head and point me to the previous discussions.
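
The formula from the post evaluated over the three-option settings, as an added example that is not part of the original post. `as_written` follows the posted operators exactly; `deny_masks_grant` is an assumed alternative reading with XOR replaced by AND NOT, and all function names are hypothetical.

```python
from itertools import product

NO, INHERIT, YES = "no", "inherit", "yes"  # the three per-permission options


def _terms(groups, connection):
    """Collapse group and connection settings into the formula's four override terms."""
    return YES in groups, NO in groups, connection == YES, connection == NO


def as_written(channel, groups, connection):
    """The posted formula, operator for operator (XOR between grants and denies)."""
    group_yes, group_no, conn_yes, conn_no = _terms(groups, connection)
    return ((channel or group_yes) ^ (group_no or conn_no)) or conn_yes


def deny_masks_grant(channel, groups, connection):
    """Assumed variant, not from the post: XOR swapped for AND NOT."""
    group_yes, group_no, conn_yes, conn_no = _terms(groups, connection)
    return ((channel or group_yes) and not (group_no or conn_no)) or conn_yes


def disagreements():
    """All single-group inputs where the two readings give different answers."""
    options = (NO, INHERIT, YES)
    rows = []
    for channel, group, conn in product((False, True), options, options):
        a = as_written(channel, [group], conn)
        b = deny_masks_grant(channel, [group], conn)
        if a != b:
            rows.append((channel, group, conn, a, b))
    return rows


if __name__ == "__main__":
    # Default case: everything on INHERIT falls through to the channel permission.
    print("inherit only:", as_written(True, [INHERIT], INHERIT))
    # Connection in two privacy groups that conflict, then resolved per connection.
    print("groups YES+NO:", as_written(True, [YES, NO], INHERIT))
    print("groups YES+NO, connection YES:", as_written(True, [YES, NO], YES))
    print("channel, group, connection, as_written, deny_masks_grant")
    for row in disagreements():
        print(row)
```

The two readings differ only where the channel permission is off and a "NO" override is set without a connection "YES": with XOR, a deny applied to a permission that was never granted evaluates to allow.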