Comment 3 for bug 827356

For the purpose of this bug I am going to focus on bre, acn and acl issues.

The UI for aou doesn't allow deletion unless all child orgs are deleted and the same will happen in the db. At that point I don't think protecting aou.id 1 is going to matter much if everything else is gone anyway.

I'm not sure about protecting au.id 1, it isn't always the admin user though it often is. Is often enough to encode those protections for it given that for some databases we may be encasing in stone a random user? I'm open to a new lp for it if we decide it is.