I suggest adding default permission sets for usergroups. And then allow the user to specify only those permissions they want to change from the default. Here is a mockup I made: This organization yields several benefits: 1) You can quickly see what permissions have been changed from the default. 2) You can revert to default if you wish. 3) Custom usergroup permissions are more easily read and understood if you are familiar with the default permissions. You can say, "OK this is a default Registered group minus these two custom permissions that I see on the right." _____ You can apply this idea to the other permission sets too. For example, in the Node Permissions the defaults would be the inherited values which you can choose to explicitly override with custom permissions.