ideally we don't make it too easy to accidentally completely open a permission