I’m not 100% sure what has been added to R4 (installing my system as we speak… come on stupid patches, complete already!!).
But…
It sounds like you’re doing exactly what I did at my previous company. Specific Access Levels for Content Permissions and specific Access Levels for Application Permissions. Then each group was granted 1 level from each side on any given object/folder/universe etc…
There’s a rather nice lecture that Dwayne has given at a few of the conferences entitled “Security for Mere Mortals” which describes the concept extremely well.
You can find a copy on the forums here at Security for Mere Mortals Thread
JPetlev (BOB member since 2006-11-01)