As Polaris currently exists (v7.3 at my library), User 1 wants to share a bibliographic record set with User 2 and User 3. In order to do this, they have to change the record set's owner from User 1 to Organization 1. But this allows all members of Organization 1 with the permissions "Cataloging Record Sets: Modify" and "Cataloging Record Sets: Delete/Undelete" to make changes to that record set. Let's say that at some point down the road, User 4 sees this bib record set owned by Organization 1 and thinks they're being helpful by updating or deleting it. They didn't necessarily know that User 1, User 2, and User 3 were working on it together.

Ideally, there would be a way to limit changes made by other users while still allowing certain users to view record sets - whether through user permissions in SA, a process like securing individual patron records, or some sort of "sharing" workflow.