I've created a DataObject and a Model Admin with matching permissions. I've created a user and added them to the Group "Used Cars Editor". See SecurityMain.png

I've noticed two potential bugs:
1. In the permission tab all items have a green checkbox (See attached SecurityPermissions.png)
2. The user can create a Used Car, but not view existing used cars. Eventhough the Data Model shows View 1 - 8 of 8 items, no items are shown in the GridField See: ModelAdminDataObject.png

Can anyone shed a light on whether I've missed something or whether these are bugs?

I've used the code below:

UsedCar.php

<?php
class UsedCar extends DataObject {
	
	/**
	 * @var string
	 */
	public static $description = 'Used Car';

	/**
	 * @var array Fields on the user defined form page.
	 */
	public static $db = array(
		"Make" => "Varchar",
		"Model" => "Varchar",
		"Mileage" => "Varchar",
		"Fuel" => "Enum('Diesel, Petrol, Hybrid, LPG, Biodiesel')",
		"RegistrationDate" => "Varchar",
		"Transmission" => "Enum('Manual, Automatic, DSG - Direct shift gearbox')",
		"NrDoors" => "Varchar",
		"Colour" => "Varchar",
		"Price" => "Varchar",
		"Sold" => "Boolean",
		"Description" => "Text",
		
		'SortOrder'=>'Int'
	);
	
	/**
	 * @var array Default values of variables when this page is created
	 */ 
	public static $defaults = array(
	);

	/**
	 * @var Array
	 */
	public static $has_one = array(
//		"Page" => "UsedCars",
	);

	/**
	 * @var Array
	 */
	public static $many_many = array(
		"Images" => "Image"		
	);
	
	public static $summary_fields = array(
		'Thumbnail', 
		'Make' => 'Make',
		'Model' => 'Model',
		'Price' => 'Price',
		'hasSold',
	);
	
	static $searchable_fields = array(
		"Make" => "Varchar",
		"Model" => "Varchar",
		"Description" => "Text",
	);
	
	/** User permissions **/
	function canCreate($member) {
		if (Permission::check("USED_CARS")) return true;
	}

	function canEdit($member) {
		if (Permission::check("USED_CARS")) return true;
	}

	function canDelete($member) {
		if (Permission::check("USED_CARS")) return true;
	}

	public function hasSold() {
		if ($this->Sold) return "Sold";
		else return "No";
	}
	
	public function Link() {
		return "show/" . $this->ID;
	}
	
	public function Thumbnail($width = 150, $height = 150) {
		$img = $this->Images()->First();
		if ($img) return $img->SetRatioSize($width, $height);
		else return null;
	}
	
	public function AdditionalImages() {
		return $this->Images();
	}
	
  public function getCMSFields() {
    $fields = parent::getCMSFields();

		$fields->removeByName("SortOrder"); 
		$fields->removeByName("PageID"); 

		$f = new UploadField('Images', 'Photos');
		$fields->add($f);
		$f->setFolderName("used-cars");

    return $fields;
  }	
}

UsedCarsAdmin.php

<?php

class UsedCarsAdmin extends ModelAdmin {
	public $showImportForm = false;
	
  public static $managed_models = array('UsedCar'); // Can manage multiple models
  static $url_segment = 'usedcars'; // Linked as /admin/products/
  static $menu_title = 'Used Cars';
}

class UsedCarsAdmin_Controller extends ContentController implements PermissionProvider {
	function providePermissions(){
		return array(
			"USED_CARS" => "Create/edit/delete 'Used Cars'",
		);
	}
}

Perhaps you need to define a canView() as well.

Thanks Willr, that fixed the second issue, a user can now edit/view the objects! I knew it would be something very simple, I think I had been staring at the issue too long!

Are other people seeing all green checkbox in the permissions tab? If so I'll open a ticket.