Poor Walter's going to get a complex if we're not careful! He was, as he points out, an "early adaptor" of a lot of new, unproven, and unfinished stuff...
When I ported over glossary I thought about the simple expedient of adding "admin" to the permission hierarchy. Then I wondered if perhaps "read" should be added, too. And maybe "write"?
I really wonder if we shouldn't have a core set of permissions used by all packages (do we really need foo_read, foo_write etc defined for every package?), only adding customized permissions for uncommon, package-specific things.
Whatever we do, I think it's crucial that any UI only expose the permissions that are actually pertinent to the object in question...
And, yes, Roger, you're right, the permissions hierarchy needs to be exposed.