While we're voting for more granular permissions (vote here!) I wondered if it would be helpful to share the things we've learned the hard way on canvas permissions. Please clarify the type of permission (course level- student/teacher/observer or account level- various admin access) because some are named the same thing but do not behave exactly the same way.
Here are some we have found:
"Manage all other course content" - if this is disabled and you have set prerequisites on the modules page (must submit/must view/must progress in order, etc) the teacher or TA will also be subject to the prerequisites that were designed for students. This will force the teacher to complete the course in order to view the next page. If you enable it, it gives them access to edit any part of the modules page (add/remove content, add/delete modules). Our teachers work off of set content developed by course designers, so we try to lock down things as much as we can.
"View discussions" - if this is disabled all course level announcements will show on the student's dashboard, but when they click on it Canvas will give them the "page has been disabled" top banner. It doesn't seem to warn teachers when they post them, so our teachers kept posting them for several days before any of our students let us know they could no longer see them. You can turn off all of the other related discussion permissions if you don't use them (we don't because of moderation issues with online and underage students) but you have to leave on this one if you want announcements.
"Add/Remove admins" and "Become other users" - this only allows you to interact with other admins at or below your level. Canvas seems to determine "at or below" as you having every permission they have or all of them plus. If a permission level has a single permission you do not, you can't add people to that level and you can't masquerade as anyone in that permissions level.
"Manage (add/edit/delete) courses"- this must be enabled for a user to be able to publish or conclude a course. The technical permission for publishing is "Change course state", but with that selected a user still cannot publish/conclude. We actually disabled Change state and it seems to have no affect on ability to publish at all, so I have no idea what that permission does, but you can't publish without Manage courses.
There are certainly more... but I've spent all day trying to write this around office traffic, so if people are interested in discussing I'll add a few more tomorrow