The security of computing resources and associated data is of high importance in many contexts. As an example, networks of computing devices may be utilized to provide a robust set of services to their users. Within a network, a first user may be privileged with certain access rights and a second user may have a second set of access rights which may be different from the first user's access rights. Access rights of users in the context of a computing resource service provider may be defined using security policies, which may be utilized by the service provider as part of determining whether to grant or deny a user access to a computing resource.
Managing and maintaining the security of computer systems and computer networks is often complex and challenging. In many cases, the access rights of users in a system may change over time, which may, in some cases, necessitate a change in the security policies that apply to a user. As the number and types of users that are supported in a computer system or computer network expands, it may become difficult to determine whether the access rights associated with a user actually grants access to resources for which a user should have access to and denies access to resources for which a user should not have access to.