I'm looking at adding reporting integration with the Permissions Policy spec, but as I do, I'm realizing that most of the compelling reasons for reporting were centered around the use cases that are now handled by Document Policy.

It's a given that reporting can only reflect actions defined in the document that configured reporting -- we can't report on actions in other frames, and can't set a reporting configuration for those frames either, for privacy.

Report-only mode is also less useful, as the frame which sets the policy will usually not see the results, as it is third-party frames which are restricted.

For permissions, then, it seems that the only reportable event is a failed permission request, or a failed attempt to use the covered feature, where that failure is because of the policy, rather than a user denying. That would cover the cases where the reporting document was embedded with a restricted policy, or has restricted itself.

Is this useful? Would developers get enough value out of this to make it work adding to the spec? Or are there other reportable events? Not everything is routed through the Permissions API, so maybe the value in being able to report failed fullscreen or wake-lock attempts is sufficient.