The triumvirate of user, role and permission with endless configuration possibilities is one of many features that I appreciate about ProcessWire. Unfortunately, this system is not really consistent. In a pilot project, a private carsharing page I use ProcessWire exclusively with the backend. All features (calendar, parking marker, dialog) are modules (processes). It was a bit tedious to control the accessibility of certain areas in the Admin. e.g. page search, ProcessPageList SettingsTab, Show/ Hide page tree. I managed most with hooks. It would be much easier if every feature (process class) has its own permission. To obtain maximum configuration options, while keeping clarity, each process module should have an intrinsically Permission. Permissions can be grouped, for example, as parent / child permission (pages) or via wildcards page- * (implements page-edit-*, page-delete), page-edit-* (implements page-edit-access page-edit), page-edit-access etc. This would be an important step towards Application Framework.