Hi @Flint78, thanks for posting. Permissions is admittedly a complex and confusing area of Shotgun. There is a lot of power and flexibility in our permission system, but not all of it is exposed to you as the admin on the user side, and the UI can be difficult to navigate.
I think what you are struggling with, in both cases, is the fact that many of our built-in permission groups have some under-the-hood conditional permissions baked in. For example, the Artist group is allowed to create Notes, to reply to any note, and to add people in the CC field for any note, but they are restricted on all other fields to only be able to edit metadata for Notes they themselves created. This follows a similar pattern in the Artist group, where they can see most everything in the Project, and edit things they created themselves, but are given fairly limited edit permissions.
With the HR manager and changing Person status, we have locked down editing of Status on People to be restricted to Admins by default. This is because changing status on People affects billing (based on your active user count), so we are conservative about who we allow to do this out-of-the-box.
Unfortunately we have never undertaken the sizable project of making conditional permissions like this editable by you, the Admin on the client side. Not only is this a very large and complex undertaking, but it would be challenging to build in enough safeguards to prevent creation of conditional rules that lead to performance problems, or unforeseen errors or UI rendering issues that would diminish the user experience in SG. I do appreciate that this limitation can be frustrating at times.
Creating or editing custom conditional permissions is something we can do for our clients subscribing at the Super Awesome support tier. This is not restricted just to create an upsell opportunity, it is just that rules like this tend to require ongoing maintenance and tweaking over time, and of course any tweaks need to be done by our support team since there is not client-facing UI for it. So there is an added, ongoing support burden created there, in most cases.
That said, if you are limited by a conditional permission that ships with Shotgun, like the situations you describe here that are both fairly quick changes on our end, we will typically make those adjustments without requiring any sort of support upgrade. We also will occasionally adjust the default behavior in our new site templates, if we find that we are commonly hearing that clients would prefer a different approach. In the end, we want the permission system to give you exactly the access levels and behavior you require.
If you would like to send me a direct message letting me know your site URL, I would be happy to go in and update your site with the behaviors you describe here. Sorry again for the frustration.
As a follow-up to this, we would love to hear from you (and anyone else who would like to chime in) if there is an example of a really powerful and easy-to-use permissions system out there. I personally have not used many that have struck the right balance there - I think it is a very difficult thing to achieve. But it would certainly help us as we plan what the future of what Shotgun looks like, if we can hear more from you, our clients, about how you would like to see all this work ultimately.