Okay, this is done. My solution is four Maniphest forms:

• Create Task - This is the simple create form for tasks. it defaults to "needs triage," doesn't provide a chance to assign the task to someone, and hides the policies of a task.
• Create Task (Advanced) - This is the full create task form. It is restricted to Trusted Contributors
• Create Security Task - This is a create form visible to everyone. It automatically puts the task in S2, assigns the Security project, and creates a custom policy on the task.
• Edit Task - This is the same form as Create Task (Advanced), but it is set as the edit form due to the permission restrictions on that form.

In T15001#27, @taavi wrote:

In T15001#26, @Matthew wrote:

Okay, I have set up the projects, spaces, forms, and other policies with one exception:

At least in Maniphest all users seem to still be able to mess with custom policies.

I will made the adjustment to the forms, I'd think we want a simple create for anyone new anyway

Okay, I have set up the projects, spaces, forms, and other policies with one exception: I can't remember how to restrict arc land, so I'm going to take care of that in a bit.

In T15001#23, @taavi wrote:

I think that's good to get us going. Who would be able to manage membership of the blessed_commiters / security groups? Admins?

I can take care of the initial setup for this issue.