Recently, a colleague and I wanted to make the default card permission grant read access to authenticated users. Instead of looking up permissions, we spent some interesting time in the code, writing tests, etc.
We created a script which you can run from script/console to automatically change the default card read permission. Idiomatic wagn would have been:
/*Card.find_by_name("Basic+*tform").permit(:read, Role[:auth])*/
Here's our actual script on gist.