When saving an authorization with type 2 (DENY) and a single permission like UPDATE, the backend saves the permission with an additional ALL permission.
This is happening only on DENY authorizations, at creation or update.
The backend saves only the wanted permission.
Note: This isn't a bug cause the ALL permission has a different meaning in the backend. ALL is returned cause if at least one permission is revoked you no longer
have ALL permissions.
But in the frontend this logic is hard to understand and do explain so we decided to handle the ALL permission in a different way in the REST API. The permissions
list will now only contain the ALL permission if really all permissions are granted or revoked, otherwise the single permissions will be listed.
Additionally we filter the NONE permission because it is always granted.