...
There are certain permissions that are not evaluated in any Access Scope. Examples of these permissions are: send_messages, read_alerts_only_from_associated_patients and read_alerts_from_entire_organization.
When these permissions need to be evaluated, the application just checks whether the permission is present or not in the User's role/s.
Proposal #2: Separate Access Scope for each permission
