the idea is simple in a way - imagine that when configuring usergroups the tag filer option will not only apply to problem view but also to entity view - like hosts & items.
This way the host groups based permissions would replaced by tags based permission - that will radically decrease the need of "overcomplexed hostgroups nesting"
Imagine that you could setup a tag on template level that all items will inherite ( imagine two different templates one with tag customer: AB and one with tag customer: CD ) on the other you'll have a host with tags: customer: AB and customer: CD. There will be a usergroup with permissions to see all entities with tag customer: AB ( no inclusions needed, no nested and forgotten hostgropus ). To the same host you allatach for example a template for linux ( all items will inherit the tag os:linux ). Then you add this tag permission to the previosly mention usergroup - as a result the user will be able to see customer related metrics with linux related metrics. Possinilities are of course much wider. In addition I can see tags also on host groups level, as they contain templates too and it would be possible to give permissions to them ( editing for example ).
What do you think ?- in my opinion concept like this would make life much easier permisions wise to maintain and design. Especially as the application on item level have been replaced by tags. And host can be tagged for a longer time already.