I'm not sure what the global privs in sessions are being used for, but I ran into it while debugging and saw that the current master doesn't assign them at login.
Fix auth scope route now that we're using XM.SimpleModel.
I use it here:
and we will probably want to use it more as we see fit. It's important that it work right.