Known techniques for access control of information technology resources (e.g., computer files) employ traditional access control and/or mutually exclusive access control. Traditional access control ensures that an entity accessing a resource has certain attributes that match access control requirements. Mutually exclusive access control designates certain entities as incompatible so that the designated entities are not permitted to access a particular resource at the same time. The known access control techniques are based on access control lists and/or text-based rules, which are non-intuitive, error-prone, and difficult to use. Thus, there exists a need to overcome at least one of the preceding deficiencies and limitations of the related art.