permissions are .. ehhh it's a trust-erosive way to facilitate what the privilege-vulnerable party *actually* wants, which is to have an experience that actually reflects their interest with the system. buttons where you need to be and such, with direct access. can't make people walk through a gravity well without expecting gravity to *happen*. role-based permissions is like making a fenced lane through a gravity well.
the durability of a system through time is in its fascia. can you reach what you need to reach, in a pinch, synchronously, in the moment of need, without being distracted by pain?
in a world where we render each other in realtime, every read *is* a write, and the intent-to-write is in an inaccessible reference frame, which means that *every interaction is a write*
in a write-only reality, gatekeeping and secrecy aren't reeeeally tenable.
but I get what you're going for, and I submit: camouflage, the way nature does it. mimicry on one end, UV vision on the other. easy to see what's yours; hard to know there's anything else, but if someone gave you directions you could get there.
nature's security model is, more or less: if you can both see it and reach it you can impact it. you might get kicked out? or you might make a friend. or a home, but home is an access pattern, not a thing-in-itself.
nb: theory-of-mind security isn't *bad*, and this model supports your downstream implementation of it. it takes a hell of a mind to open back up a trusted space, though.