Pier permissions

Hi, I can understand how the current implementation of Pier security could work well in the case of a set of users each with their own sub-tree - a little like Unix's '/home/user1' '/home/user2' etc, where users can control the commands allowed to be executed on their sub-trees. However I'm looking for a more capability model, for example: * does the user have permission to see this view in wiki mode? * does the user have permission to create verbatim html? * does the user have permission to create value links? * etc Is there a sensible way to map this onto the current security implementation? I've currently mapped it with code like: This works however the owner/group/other structure permissions mapping seems too coarse grained. I'd like to be able to have groups relating to these permissions then add groups to users, depending upon the permissions I'd like to assign to them. Am I looking at this in the wrong way? Is there a mechanism to support a capability model? Cheers Nick