is it a bad idea to model negative permissions? Imagine you have a flat hierarchy of objects (so you can't leverage some containerization/"folders" to manage access). You want to grant

nonadmin

users access to all objects in the hierarchy that currently exist and will exist except for a small set of "important" objects. Is it a terrible practice to do something like

definition widget {
     relation access: user
     relation noaccess: user

     permission perm_access = access - noaccess
}