Record permissions

Restrict editing at every level. Small teams that need to move fast can make edits directly to the database, while larger teams can keep access view-only and make edits through their own internal APIs.