When a security group is added older modules like Student Manager, they get blanket access across the module, unless their user group is targeted in the granular permissions.
This makes it far to easy to miss users out. You can check your permissions view, which is hard enough as it is, and come away thinking sub module A is locked down for all but Mr. X. However, whole sections of iSAMS users may still have access to it as they have default access and their usergroup/user is not listed in the module permissions.
This is dangerous for anyone who hasn't worked this out and very hard to manage and audit for those who have. I have a pretty complex SSRS report I have to use to help find missing permissions and the whole thing takes ages and I'm sure many users are unaware and don't do this.
Please can we have a default/catchall user so that it can be controlled as a real usergroup. This will do for many users and do away with the need for including say 10 user groups in the module security tab which have essentially the same permissions. It would make it safer by default and improve ability to audit. It also shouldn't require too much of a reconfiguration of the current permissions model which I understand the reluctance to take on in older modules.