Access to a collection of digital resources is often managed by individually defining access policies for each resource and for each authorized party. As user authorizations to access content change over time, such discretionary policy for each affected party may require updating to maintain desired security settings. In some scenarios, such as where a content service is accessed by multiple individuals from each of a number of potentially unrelated entities on a potentially massive scale, maintenance of such security settings may be complex and potentially prone to error.