Agreed. There's no use in hiding data on the Grid when you can't give specific guests access to it.
My suggestion would be groups.
First you'd create a group, then you'd add an account to a group as:
1) Manager: Can read and edit hidden data, add/remove nodes from the group, add/remove members, and give other members Manager or Publisher rights.
2) Publisher: Can read and edit hidden data.
3) Read-only: Can read hidden data.
- A Manager account would go to an NPC. trusted manager PC.
- A publisher account would go to a senior or whoever's in charge with keeping nodes updated.
- A read-only account would go to a trusted member of the group.
In this fashion, there could be a CGH group for nodes on internal company policy, etc., and a CGH-Security group for nodes related to security-specific policies, data & statuses.
This would require a little additional paperwork on the GM side for groups without PC managers, but perhaps it could be automated with employment terminals.