someone recently asked me to help diagnose a security issue - it seemed that the permissions on an object were not as expected. Sure enough, this was true, but in a complex tree of objects it takes some clicking on each group to find out where the permissions from the root have been changed.
There's a good way to find these though. Open a query and enter the following SQL:
SELECT ID, FullName, ACLInherited FROM CDBOBJECT WHERE ACLInherited = False ORDER BY FullName
This will show all objects with non-defaulting security!
p.s. you can do the same with the colour palette using the column ColourPaletteInherited.