Re: The real culprit
"I won't say it's "superior", because that's a meaningless term in this domain - a security system can only be judged against a threat model, so it's pointless to claim one is superior or inferior in the abstract, and that judgement is far too complex to reduce it to a single dimension anyway."
Then there appears to be a HARD problem here since a lot of "admins" aren't sophisticated enough to know how to do fine-grained control yet are pretty much the smartest users on the staff. They can only think in simple terms. From what's being described, security MUST be made simply effective but at the same time CAN'T be made simply effective. Basically, the secure-vs-easy scale again.