Or more succinctly - the permissions admin UI simply sucks :)
One thing I find somewhat annoying is that each package seems to create its own permissions (wp_read, glossary_read, blah_dy_blah_dy_read, etc).
When I go to set permissions on (say) a glossary object, I have the opportunity to grant "wp_read" and any other permission in the world to that object, which is quite weird and useless.
It also means that having "admin" privs means I generally can't admin a package even though the package's context_id is set so the package sees that I have "admin" privs. Some packages, at least, require me to set a package-specific admin priv ("glossary_admin") before I can admin the package even though I'm the uber-user with sitewide admin privs.
Ugh.
I've been wanting to raise this whole permissions mess as an issue for some time, but have been waiting until things are fairly well along (ain't going to be fixed in our first release cycle, if we want a release before 2002, anyway!)
But it's probably not terribly useful to discuss UI issues without discussing other permissions-related issues...
