We use JDV as "data-firewall", so there are a lot of groups configured on JDV data roles section.
Each time we add a model object to the project, by default all read permission are granted to that model for all groups.

We think it could be better, to have an option in the "Data Roles" tab, avoiding users to uncheck for all the groups's permission which aren't needed (see page 2 attachment JDV_RFE_security_default_profile).