That is why in https://github.com/Qbix/Streams the default for all streams is PRIVATE. And people can choose what to open up explicitly. We support access templates, mutable access, and inheritance, roles, even participant roles and custom permissions. But the default is private, and all that is machinery on top of it.

Read this for a high level overview useful for HN: https://community.qbix.com/t/streams-plugin-access-control/2...