I have an Intranet portal and I use the hierarchical relationship to group different links that belong to each of our applications. So mine is like Application -> Application Link. At the application level, I might have something like "Sitefinity Portal" and for the application links, they would be a set of links to things like "Sitefinity Documentation", "Sitefinity Production Website", "Sitefinity QA Website", "Sitefinity Project Plan", etc. There are some cases where a user should only be able to see some of the application links associated with an application they have permission to see. So I'll have a role that's something like "Sitefinity Administrator" and people assigned to that role could see all of the links and I'd have another role like "Sitefinity User" and those people could only see "Sitefinity Documentation" and "Sitefinity Production Website". Both "Sitefinity Administrator" and "Sitefinity User" would have permission on the "Sitefinity Portal" parent.
To answer your questions:
1. I would expect the default permission on the child to be the same as the parent, but have the ability to change the permissions on the child. If I change the parent permissions, I would like it to ask me if I'd like to apply this change to all of the children. In my case, I'm probably always going to say no to this, but there could be some cases where I do need to change all of the children and I'd like a fast way to do it without having to modify each child. Ideally, I would prefer 3 options: 1) Apply to all children. 2) Apply going forward. 3) Apply to children with the inherited permission ONLY (leaving alone any child permissions that do not match the current parent permissions)
2. If I could not have the scenario described above, I would want any child that I've set custom permissions on to be skipped if I make changes to the parent. At that point, I have already broken the inheritance so there's probably a reason why I need it to be that way.