It is confusing that a space admin, can manage permissions via "Extranet Users" and still has the option to user the default Confluence space permissions functionality. This also leads to configuration errors, when assigning external users via the Confluence permissions interface. This interface should not be available for normal space admins, but it should be possible to limit access to specific users (e.g. members of specific groups).