[SECURITY] Refactor and fix FAL user permission handling