The base implementation for PermissionDB.SaveRolesForPermission doesn't allow for customising the "ClearByName" and "ClearByPermission" parmeters passed to the netPermissionSave SP.
When saving permissions, the default implementation requires us to pass in all users in the permission for a save - with ClearByPermission always being 1, it will remove all users with the permission and replace them with the new list of users to save (rather than just add/remove a specific user).
It seems that in Episerver CMS Admin > Permissions For Functions, the approach taken by Episerver is for editing multiple users on one specific permission.
Our desire is to easily edit multiple permissions for one specific user. (An "opposite" design approach).
We would do this by calling netPermissionSave with ClearByName = 1, and ClearByPermission null. This will remove permissions for that specific user, and resave just permissions for that user.
There is no way to customize if ClearByName or ClearByPermission is called with a value, so we need to implement our own custom call to the netPermissionSave DB to achieve the peformance we desire (our own version of PermissionDB & DefaultPermissionRepository). We then need to ensure (for performance reasons) the correct params are used depending on the context/desire of the call.
With a few custom overloads (with default params) in PermissionDB we could easily customise how the call runs for our front end, whilst still leaving the Admin side working as it currently does - without the need for an entirely custom implementation.