By default, all of these security asset collection permissions are enabled but there is a capability to disable them as these specific permissions are not mandatory.
The Settings page also shows where the platform uses these extra assets and policies: