I noticed, that there is a new data permisson called “upsert”. At least I think it is new. This permission has been set to a green checkmark by default. I’ve seen this new permission by chance and I don’t think it is a good idea to introduce new permissions silently and then grant this permission to all roles. This is not security by default. This opens up holes in my security concept.
In my opinion, everything should be forbidden for each role by default. It shall be the decison of the app owner to grant permissions, not the decision of the platform.
Regards,