When we export a document (IQA query, business object, content, content type, etc.) today, if that document has custom permissions it will not import into a database that didn't already have that content with custom permissions. This comes up in the following scenarios:
- Create a new query in Dev, set permissions, test, copy to production.
- Create a generic iPart with permissions, import to new clients.
- Modify the ACL for a query to include a new Role in Dev, then import to Test.
- Import new Nav items we've set up in Dev.
Beside all that, we often have to apply the same permissions over and over to multiple items. Having our own predefined security sets would make this a lot simpler. (It would also keep the Access* tables from growing excessively, since each "custom set" is assigned its own key.)