Resource owners and other administrators of resources often grant users access to resources to support the business needs of the resource owners, administrators and the users themselves. Modern computing systems place a high importance on security of user access to system resources and on maintaining a repository of secure and accurate records of roles, permissions and/or policies associated with computing system users. In a computing system where many users may have several assigned roles, permissions and/or policies associated with and relating to many different computing system resources, devices, entities, file systems and the like, the repository of user roles, permissions and/or policies can grow increasingly complex, particularly as the size and/or complexity of the system and/or the number of computing system users increases.
Accordingly, a resource owner may want to grant other users access to resources in order to perform one or more actions on behalf of the resource owner while ensuring the security of resources. In order to manage user privileges, a resource owner may delegate authority to a number of administrators or other owners of the resource such that each of the administrators and owners may define and manage user privileges. Generally, in large-scale and other computing environments, determining who has the ability to perform a given action on a resource can present some challenges. Further, the goals of keeping privileges current can compete with other goals. A centralized system for managing privileges, for example, can have the advantage of effectively immediate updates to privileges while having the disadvantage of a potential loss of availability.