Application-access-rights exceptions in D+ currently either block or allow an explicity specified
parameter or group of objects, which IMHO isn’t exactly fine-grained.
I think the option for setting Read/Write/Modify flags are much more feasible as
opposed to completely blocking or allowing specific app resources under said app’s
One could arguably toy around with Microsoft’s builtin azman, azroles, and file permissions to
achieve this goal, but meh.