My thoughts on permissions certainly mirror your own with regards to splitting machines and storage into their own separate entities.
As a way to further this idea, essentially enabling a sort of guild bank, I proposed a guild lock system which could then be applied to different storage blocks, machines, doors etc. as needed. This is currently in the works and will hopefully give us the granularity that we need when it comes to trust levels within guilds.
For reference…