<blockquote><i>Also, just to complain a little, I don't really see why my idea of a shortcut of checking for direct permissions is a loss of the abstraction.
</i></blockquote>
If you're referencing my comment, all I meant was that I think the original aD concept was to abstract out permission checking into the package API. As I mentioned, you're not the first to break away from it by querying permissions (actually views on permissions) directly and we'll be seeing more of that in the future, without doubt.
<p>Of course I could be wrong and direct queries on the views may've been "acceptable" in the designer's view from day one.
<p>
It's absolutely necessary that we do this when it makes sense in order to keep performance up.
<p>Scoping in the way I've been thinking about would cut down on the number of rows in the permissions table, among other things (looking back at your first post), because only those permissions scoped to an object's type would be added, not every child perm in the system.
<p>I'm not quite seeing why the current system doesn't let you assume the role of a less privileged user ... what's missing is a way to assume their user_id (i.e. run permission_p as though you're them, not you) but that's all, no?