The functionality behind my_organizations (eg. listing the orgs selectable in the UI context menu) requires users to be assigned to orgs. This makes creating roles, such as the Site Admin built-in behave strangely.

I'd suggest that the following:

+ Remove my_organizations permission
+ Add a search type for Organization permissions (eg. view_organizations w/ User.current.my_organizations)
+ All access to orgs is handled through Organization permissions


This would allow roles that span the entire install (eg. Site Admin, Site Auditor, etc.) to specify a role "view_organizations w/ unlimited". This user would not have to _belong_ to the orgs since, in fact, they are site managers not members.

Note: All of the above should be applied similarly to my_locations, which I do not see as a permission anywhere currently.