Change the default (or allow choosing a default) for all records/project security. Currently this is manually mapped for users via query, it would be ideal to default to no access until it is provided rather than defaulting account and project security to have access to all records.