As I understand it, the only way to control which documents an editor can create/edit/delete/publish is by choosing their start node?
In the case, say, of an intranet, there might be users who can edit 'news' documents but nothing else.
Would I then create a news 'root' node, with news items being allowable child documents.
But if I then give those users the news 'root' node as their starting point, yes, they can create news documents as planned, but surely they can also edit, unpublish (!) or even delete (!!!!!!!!!!!!!) the 'root' node which destroys everything.
My testing seems to support this.
Is there another way?
You are right in your understanding of the "start node" concept, as well as your editors being able to mess with the root node. But realistically, will they do that, just because they can?
In the past, we've used a simple true/false property on all nodes to determine whether the node can be deleted. We called it "undeletable", and set in on nodes that were extra important not to get removed by accident. It does NOT prevent users from going to that node, remove the check mark in "Undeletable?", save the node, and THEN delete it, but then it's no longer by accident.
We hooked into miscellaneous events and checked for the property - if undeletable == true on the node or any of its children, trashing/deleting/unpublishing would be cancelled.
I've made a quick update to the methods to use ContentService, but I haven't tested them. Grab'em from here: https://gist.github.com/jannikanker/b1864522fa0b86da89903f05d107518a