Please allow following usecase:
Users with particular attribute (e.g. extension/imSecretUser=true) shall be hidden from end users for common use cases (shopping cart, org tree, popups). Exception may be WF request or other areas where e.g. approval request is needed.
Please implement a new way of selecting which items to display in the shopping cart. Authorizations may not be the right way. One of the drawbacks is that #assign authorization also influences what user can do in e.g. Governance tab of the RoleType. So today its imposible to implement following scenario: user CAN assign any user to owner relation (role governance), but is FORBIDDEN to assign default relation to any user in the shopping cart at the same time. This maybe valid business case.