Your understanding is correct, I think. As Grant noted, since tables, views, etc., exist only within a database, and not at the instance level, you can't grant permissions to them at the instance level.
You could add permissions to the model db, and then when you CREATE a db on that instance, the permissions from model would already be there. In that way, it would be possible to "pre-GRANT" SELECT, VIEW, etc., permissions to specific user(s). Again, as long as the db is created on that instance. Restoring a db from a backup or attaching a db, as examples, would (I think) not copy the permissions from model, since the db came from another source.
SQL DBA,SQL Server MVP(07, 08, 09) Prosecutor James Blackburn, in closing argument in the Fatal Vision murders trial: "If in the future, you should cry a tear, cry one for them [the murder victims]. If in the future, you should say a prayer, say one for them. And if in the future, you should light a candle, light one for them."