I should get (at least) a warning if I make Instances more readable than their Models

(User Story, Investigate , Priority: Critical, Test Status: No automated tests yet , Reported By Bad Link: Thing 3y284oe not found, )

UX, Data Model, Editor, Security

Summary: Currently, using the fine-grained Security system it's entirely straightforward to make a Model Owner-only, while allowing others to do things to its Instances. That mostly doesn't work.

Credited to Eric, because he reported a "user error" bug that was caused by this more interesting and serious UX problem in the fine-grained security model.

Part of this is because the meaning of "Who Can Read" isn't obvious enough -- it sounds like "I can read the page", but it actually means far more since the security model got tightened up.

Note that this goes beyond Read -- it's even more important that Who Can Edit on the Instances depends on the Who Can Read of the parent. Need to go through the permissions, and figure out the right way to represent this, and which permissions are fundamentally dependent on Who Can Read.

(Are there any permissions where it really makes sense to make the Instances looser than the parent's Who Can Read? This might want to be a strict and broad error.)

This probably is not easy to detect reliably in the general case, but we should think about it pretty carefully.