Thanks for sharing this. But some comments about code.

  • postconditionals is a very good part of our language, but here is too much, and quite difficult to read such code. In this case much better will be simple if else
  • return in try block is a bad idea, you should throw an error, which will be caught anyway
  • we can do new $namespace, but in your code, this method returns to wrong namespace, look at my previous point
  • instead of $replace(database,"/","\"), use ##class(%File).NormalizeDirectory(database), in this case you should not check on OS, even you forgot some of OS's, and in this case NormalizeDirectory/NormalizeFilename, a bit better.
  • verbose mode will be better to do with a macros, something like $$$DebugInfo("some message")
  • In your code I see so many checks on errors, and looks like, after such error we should exit, but you go further. You should look at some system macroses like $$$ThrowOnError() and so on, I think you should use it. And code will much more clear for readers
  • and at the end you have some call to method checkRW, I think you should remove it, or show this method, because it's not clear what it does

And, before publishing, please change tabs to spaces, because tabs here is too big. And width of lines should be a bit less, because read such long lines a bit difficult. 

I fixed tabs here, for more readability.

While it is possible to do with COS, there are so many different ways to achieve it.

Most easiest and preferable way, is to write some code on server side, and call it from batch script.

To work with users, you can use class Security.Users.

Also you can look at %Installer manifest, which has some functionality about security.

Terminal scripts, can help to automate some things. And how to run it.

And even you can read this article, about COS and Linux. It is quite simple, but as an example.

Your clarification does not help actually. But any way, deleting any object, leave just ID on a link, and again, everything here depends on your application. In most cases it could cause for some different issues, when application have not expected deleted object. And I would recommend to use some flag like "isDeleted", which can help to hide such objects in most of places, and still have an access to the content of this object, to show if it would be needed. Completely delete object recommended only in case when no any other objects has links to this one.