At the university I am working, we are using a whitelist to restrict which LTI apps can be added to a course. This all works pretty well, but there is one scenario that is quite troublesome:
A teacher can not remove a whitelisted app which has been added to a course. This leads to unwanted admin, having to contact an administrator who can perform the action. For us, whitelisted apps are considered safe and the power to add and remove them lies with the teacher.
As far as I can tell, there is no magic configuration of permissions that would allow a teacher to both be able to add and remove whitelisted apps, without granting too much power. Thus, what I'd like to see is either specific whitelist-related permissions added or that the permissions related to LTI become more granular, where the power to remove an app is separated from the add/edit/delete combo.