First question, Who is your developer and how well do they know and understand Xenforo permissions?
Second, Inherit is tricky to use because if I even understand it right it inherits from the forum permissions. Plus You will need to look at the Moderating Forums user group since he is part of 2 groups.
When your going to the NODE permission click on either Node permission or Display Node tree is will take you to the same place yes.
Permissions in Xenforo can be hard to understand but once you do understand how they work you will be amazed.
That links was really helpful, thanks. This line specifically answered my main question too:
"The User Group Permissions define the base permissions."
So basically my developer setting "Not Set" on the User Group Permissions was a no-no. Usergroup permissions are the beginning of all permissions, and therefore should have "Allow" or "Never" set, for pretty much everything.
EDIT: Not correct understanding, see correction post below.
Thank you, that corrects my previous statement that all Usergroups should always be set to Allow or Never.
All members should be set to "Registered" usergroup.
Any additional usergroups (moderator, admin) second.
"Registered" group is the "base" criteria for all other permissions.
Set everything to "Allow" or "Not Set" here.
Since other groups typically *increase* powers, you would only select "Allow" on those usergroups for any *additional* powers you want to grant them.
Everything else stays to "Not Set", because its already being inherited from "Registered" group.
That's pretty much spot on. Registered sets the permissions that you want everyone to have, then you use additional user groups to grant extra permissions.
"never" can be used to revoke permissions for everyone by changing the Registered base group or for a particular annoying user you could create a group even lower than Registered to reduce their permissions also using the "never" option.