Sometimes it's desirable to disallow users of type 'Zabbix Admin' to change certain settings or objects even if they have write permissions via corresponding host group.

In my case some settings/assignments should be kept to assure integrity.

While ZBXNEXT-77 is about permission on user level what probably needs a complete re-design/-write of user management this issue is meant to revoke permission globally on object/element level.

E.g.:
Locking a group wouldn't allow a Zabbix Admin to add/remove hosts or to change the group name without affecting access right to hosts of group itself
Locking a template wouldn't allow to link/unlink a this particular template from a host with r/w permission

I could also think of locking settings on group level:
checking 'Lock status' won't allow enabling/disabling it for host members
checking 'Lock interfaces won't allow adding/removing/updating interfaces
same for templates, macros, proxy, ...