A few related issues, when trying to deny permission to a scope.
Ticking 'Deny Read' on a scope for "Authenticated Users" issues a message "WsAccess.PermissionAction
Please don't set deny permissions for Administrators or Authenticated Users"
It is not clear whether this is an error or a warning.
The tick remains ticked.
It should clearer if error or warning.
But I am not sure of the logic either way. i.e. why should an admin not be able to deny read on a scope to the Authenticated Users group ?