Problem: The current permission system is hard to understand for inexperienced Drupalers. In many cases we get the clear picture of what a permission means only if we try out things, or read the code itself. Permissions often overlap with others (e.g., administer content), but administrators do not notice this. Managing permissions is difficult, and could become hard when we work on a larger website. The user interface isn't transparent enough, and sometimes it needs serious concentration to work with. Proposed solution: During Google Summer of Code we are working on this topic. Let’s imagine that modules describe trees instead of simple lists when they determine their permissions. Leaves of these trees can be very specific about what rights and functionalities the users get if we grant that certain permission for them. Without a tree, this would mean an unmanagable number of permissions but with the hierarchy, users can be as specific or generic as necessary when granting permissions. There is no more situation like enable the ‘administer something’ permission where we have no idea what power we give our users, unless we have experience of that certain topic and module. Well-structured permission trees with a brand new user interface could be a huge step forward to a better UX. In this presentation we would explain this whole philosophy, and show the new fancy UI (or at least some plans for one) for the permissions management page. Then we could discuss the possibilities to integrate this work (with more or less modifications) into Drupal 8 core.