Discussion: Permission Definition Boundaries

Original note

In relation to YAML definitions for permissions:

We are working on adding permission definition files that can be used to auto-generate documentation as well as be used in the product for things like granular PATs. Currently, we have a field called scopes where the permission is effective which @alexbuijs has proposed to rename to boundaries.

Can we rename scopes in this template to boundaries?

The term scope is used to define a combination of a boundary and a list of permissions.

The term boundary is used to denote the organizational level where a permission can be applied.

Also, perhaps we can change the boundary suggestions to instance, group, project and user? I think admin and instance permissions are interchangeable and user permissions (such as permissions to read personal snippets) are missing.

Question

Should we define boundaries at all? If so, what should they be?