Dataflow diagram - how far do I need to drill down?

1) I recommend starting with the diagram you have, and expanding it only when or if you find an ambiguity, a place where there's an additional boundary, where you have to ask "how does this work" to understand an attack or defense, etc.

I don't know what this refers to: "The SDL Threat Modeling guidelines state that I know that my DFD needs more detail when there is still a trust boundary in the DFD". I owned those guidelines for several years, and I don't think that they said that (while I was responsible.) Could you add a link?

2) Are permissions on each CRUD operation always the same? If you have to expand on them to clearly communicate how the software works, then a diagram that shows the separate operations is a helpful communication tool.

Fundamentally, the work you do is supposed to help you understand, communicate and analyze effectively. If there's work that someone ("the SDL TM guidelines") is telling you to do, and you don't think you need to do it, perhaps do a small experiment. Then either you'll be surprised, or discover that in that instance, you don't need to go a level deeper.