Permission Sets have been always shipped in such way so that specific permissions was given on a Table Data and for System functions but for other object types (Table, Report, Codeunit, XMLPort, MenuSuite, Page, Query) user always had unlimited permissions as soon as he would get the BASIC permission set. This is wrong, as there is a need that although a user might have needed permissions for manipulating data he should not have the permission to perform certain task.

Please make the Permission Sets more secure by allowing the BASIC user to do what basic user can do without having unlimited permission on object type other than Table Data. Other Permission Sets should extend and build upon BASIC Permission Set.

We would like to use standard Permission Sets this is not possible as it is not restrictive enough and for the SaaS it seems to me as a security hole.