It would be great to have an advanced toggle when creating a new user where you can select a resource group, but if not toggled, gives the administrator simple checkboxes to allow/disallow permissions for very general things. Also some sort of category system for all of the 167ish Access Policies that we have to sort through.
The fact that your very reasonable suggestions aren't workable in the current permission system (except maybe for the last one) demonstrates some of its flaws.
Users are not associated with resource groups except through their user group memberships. If you meant to write "user group," you can do that on the "Access Permissions" tab when creating a new user.
The checkbox idea would be great, but wouldn't work with the current permission system, where the checkboxes only exist in policies, which can only be associated with user groups, not users. What you're suggesting would require a separate policy and a separate user group for each user.
I've argued for a return to role-based permissions (a la Evolution), where any user can be assigned a specific role which has only the permissions the user needs. This is not quite what you're suggesting, but it's closer to it than what we have now.