I noticed that a special API via the instance of the Auth class is provided to manage groups, user memberships to groups, permissions and groups access to permissions.
Is that purely a convenience thing or was it put in place to prevent some weird crashes caused by race conditions if the DAL API is used directly on the tables? An API is not provided to add/remove users (not in the manual anyways). I see that there is an example where users is added directly with DAL (page 134 of the pdf), but is it equally safe to detele users directly with DAL? If so, should a special step (like blocking the user first) be taken?
