Much of the complexity of the R5 security model comes from the need for backwards compatibility with the R4 security model, which was very different indeed. The R5 model has worked well but the basic principles have remained more or less unaltered since 2002. Maybe it's time for a fundamental re-think. If so, then I suspect the R9 ship has already sailed, so maybe something for R10. But since we're here.... get rid of all the scoping. The main need there is to control the visibility of publications, and apart from that, you can do pretty much everything you need to simply with the right permissions in the right groups. Visibility of publications could be managed with a "Use this publication" right. The other thing I'd fix would be the fact that the permissions that control your ability to do things to an organisational item are inherited from the organisational item above it. The permissions on an org-item should control the org-item itself and it's non-folderish children. This would get rid of all the weird things that go on in root org-items, and allow you to work with arbitrarily rooted trees. (Those in R&D with long memories will remember that in 2001 I argued fanatically for exactly the opposite. Time is a great teacher.) For the rest, then yes - some visualisations might help people to understand where the effective permissions are coming from. I'd also like to see some auditing reports, so that for a given asset, you know exactly who can use it. Internal security departments at customer organisations tend to be keen on this kind of thing.