Hide duplicate Permissions in Security Settings

I have a situation where I'm using inherited forms with controls I want to assign to "admin" users.

That is, there is a "btnDelete" in the ancestor form, and I want to set up a permission called "DeleteAllowed".

In user management, I have two users, userAdm and userReg.

In groups I have  admin and regular.

I membership, I assign userAdm to admin, and userReg to  regular.

Form Policy:
I go into FormA, create a policy called DeleteAllowed and assign it to the form's btnDelete.
go into FormB, create a policy called DeleteAllowed and assign it to
the form's btnDelete. I also assign a label in FormB to DeleteAllowed.

I have no problem doing this manually form by form.

I go back to User Management and view the Groups tab.

In the Permissions list, I see "DeleteAllowed" listed twice.

doesn't matter which of the "DeleteAllowed" permissions I assign to
Admin group  - when I show FormA logged in as userAdm I see the
btnDelete, and when I show FormB logged in as userAdm I see both the
btnDelete and that label.

Logging in as userReg hides everything in FormA and FormB as expected.

issue I have is that the application has about a dozen forms, and
multiple access control "categories" (eg "controls that are for delete
ops" or "DBNavigator Bars").

Given that it doesn't matter which
"DeleteAllowed" policy I select for the Group - I'd really like to hide
all the duplicate entries in the Security Settings Permissions list - is
there a simple way to do this?



Afaik, this is the first report we get from someone using this with inherited forms.
Does formB inherit from formA?

Did you try to give the policies unique names, i.e. DeleteAllowedA, DeleteAllowedB so you could see which is coming from what form?

I did actually try giving them discrete names - but this "litters" the permissions treeview with a bunch of similarly named permissions - and the end-users are just confused.

I modified uSecDlgForm to sort the group permissions TTreeview  - that helps ("pick any "HandleDBNavBar" permission, they all do the same thing").
I'm probably going to modify it to only allow adding a permission if that permission name isn't already in the treeview.

My setup is as follows (using MS-SQL for tables, Delphi Berlin Ent):

datamodule dSecurity
    FDConnection and tables

Base Form:
  uses dSecurity

 formMain inherits from base form.
 formA inherits from base form
 formB inherits from base form
formMain is the "launcher" - meaning I  create and show formA and formB from formMain

I can build a demo project for you to test with - but I'm a bit under the gun time-wise - might have to wait until late next week.