Should moving assets require a separate permission from deleting?

[kylecotter]

Currently, moving an asset between folders (or volumes) requires the deleteAssets permission on the source volume. This is enforced in AssetsController::actionMoveAsset():

// Check if it's possible to delete objects in the source volume and save assets in the target volume.
$this->requireVolumePermissionByFolder('saveAssets', $folder);
$this->requireVolumePermissionByAsset('deleteAssets', $asset);
$this->requirePeerVolumePermissionByAsset('savePeerAssets', $asset);
$this->requirePeerVolumePermissionByAsset('deletePeerAssets', $asset);

The same pattern applies to actionRenameFolder(), which also requires deleteAssets.

I understand the rationale -- a move is conceptually a copy + delete from the source. But in practice this creates a problem: if you want users to be able to organize assets into folders, you must also grant them the ability to permanently delete assets. There's no way to allow one without the other.

This came up tangentially in #3349, where image editing was decoupled from the delete permission by adding editImages. At the time, Andris noted that the delete requirement for moving "makes sense" given the underlying operation, but it seems worth revisiting whether a moveAssets / movePeerAssets permission (or similar) would give site admins more granular control.

Use case: We have content editors who need to reorganize assets into folders but should not be able to permanently delete files, since deletions can have downstream effects across many entries. Today we have to choose between granting delete access (risky) or removing the ability to move files (limiting).

Would the team consider adding a dedicated move permission, or is there a reason the current coupling is preferred?