The problem is how do you set up those permissions without a god object? How do you fix ones that are broken on a running system?

Ultimately the security systems that introduce high complexity in the name of fine grain permission controls end up being the most fragile and hardest to verify. People get stuff wrong then break it further trying to get their job done. The better system is sometimes the one that doesn’t have all of the features but is comprehensible to humans.