Tom,
Good point. There are Tcl procs to do this already.
My goal was to make it simpler to accomplish a common goal, and to define a best practice. We have too many different ways to do things, and no clear path to accomplish common things.
Tom asked "... how are admin permissions granted on package objects in the usual case? Is there a document that suggests usage of context_id, etc.?"
As far as I can tell, there is no common way to do this.
I believe the common case is to grant admin manually over a subsite, or a package, or as a shortcut, many sites have one person who admins everything, so he is just site wide admin, reducing the need for specific permissions.
I have a case where I need folks to be admin over just this one package, and i need to also give the admins of this package permissions over a few other objects. The ability to take a subset of users and grant them permissions over a few random objects outside the package is the reason to use a relational segment. I can add users to the relationsl segment and I don't have to track down every random object they need admin over.