For me I understand that customizability is important, but would hesitate to say that deciding widget permissions should be left to implementors. I think security of data is one area where we should be prescriptive as a platform. That is, we should put a lot of thought into what the permissions are and what they mean, and a widget should know where it fits in that data privacy / security paradigm. Totally agree with @florianrappl that this is only part of the solution, and backend also needs to agree to this permission schema together. However, if both parts are moving it can be hard to know what is actually happening and what is secure / private.
I think the solution for customizing the implementation then comes from assigning permissions to roles. Once we have.a stable idea of what permission does what, we can set it up so that my Nurse has different permissions than her Nurse. This way customizability and security can both win.
To @burke 's point, we should have good transparency in minimally docstrings and optionally docs or UI that shows clearly the permissions that each workflow depends on. Access issues should give clear alerts as to what permission is missing.
To @burke 's other point, I can see how permission groups could be useful