That is why I proposed my original solution. Doing a standard permission check on the intended object will work fine.
My idea was a way to use the existing permissions system. That is what seems to be confusing, it what to do with all the flexibility. I just wanted to provide a way to model a requirement using the existing system.
