refer to my proposal to refactor the current permisson system
even though I submit a PR User permission refactor by szufisher · Pull Request #6582 · frappe/frappe · GitHub
long time ago, due to so big change to the core involved, it was finally closed, seems that the current system’s permission issues are still there all the time, maybe we need to be more patient to wait for the core team to take actions on refactoring the permission system again in their own way.