It would be excellent if the Project-based Matrix Authorization Strategy allowed for a project to start its authorizations from zero instead of inheriting from the main configuration.
For example, while the vast majority of projects may only need the default ACL, a restricted access project may need to be limited to only a few users or groups. As I understand it, the Project-based Matrix Authorization Strategy is additive. So to do this now. the global config would need to have the barest set of authorizations, and every job (except the very restricted one) would have to have the "Enable project-based security" configuration specified.