FWIW we also have use-cases for always-allowed or never-allowed permissions (eg

permission view = false

), to support clients checking for a permission that used to be conditional but is now enabled (or disabled) for everybody