Access to resources may be controlled by a policy, which determines whether a given request to access a resource may be granted. When a request to access a resource is made, the request is evaluated against the policy. If, based on the evaluation, it is determined that the request is allowable, then the requested access is granted; otherwise it is denied.
As computing systems and environments grow more complex, the policies that govern access to their resources have grown increasingly complex as well. A policy may determine who or what can access a very large number of resources, and may depend on complex, intertwined factors. Thus, it is often difficult to predict the effect of a given policy, and the cost of an error in the policy (accidentally granting access to the wrong principals, or denying access to legitimate principals) is very high. Even minor changes to existing policies can have far-reaching effects that are hard to predict at the time the policy change is made.
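The following added example (not part of the original text) shows how a one-rule edit can both grant access to the wrong principal and deny it to legitimate ones, by evaluating every request against the old and new policy and comparing the decisions. The policy model (ordered rules, first match wins, glob patterns, default deny) and all names and data are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase
from itertools import product

# Constructed sample data: principal -> group, plus resources and actions.
PRINCIPALS = {"alice": "finance", "bob": "engineering", "carol": "contractor"}
RESOURCES = ["/finance/ledger", "/finance/reports/q1", "/eng/build", "/public/handbook"]
ACTIONS = ["read", "write"]

# Assumed rule format: (effect, group pattern, action pattern, resource pattern).
OLD_POLICY = [
    ("deny",  "contractor",  "*",    "/finance/*"),
    ("allow", "finance",     "*",    "/finance/*"),
    ("allow", "*",           "read", "/finance/reports/*"),
    ("allow", "engineering", "*",    "/eng/*"),
    ("allow", "*",           "read", "/public/*"),
]
# The change: rule 1 is edited to freeze writes to /finance/* for everyone.
NEW_POLICY = [("deny", "*", "write", "/finance/*")] + OLD_POLICY[1:]

def evaluate(policy, group, action, resource):
    """Return True if the request is granted. First matching rule wins;
    a request that matches no rule is denied."""
    for effect, g, a, r in policy:
        if fnmatchcase(group, g) and fnmatchcase(action, a) and fnmatchcase(resource, r):
            return effect == "allow"
    return False

def diff_policies(old, new):
    """Evaluate every (principal, action, resource) request against both
    policies and return the requests whose decision changed."""
    newly_granted, newly_denied = [], []
    for (who, group), action, resource in product(PRINCIPALS.items(), ACTIONS, RESOURCES):
        before = evaluate(old, group, action, resource)
        after = evaluate(new, group, action, resource)
        if after and not before:
            newly_granted.append((who, action, resource))
        elif before and not after:
            newly_denied.append((who, action, resource))
    return newly_granted, newly_denied

if __name__ == "__main__":
    granted, denied = diff_policies(OLD_POLICY, NEW_POLICY)
    for request in granted:
        print("newly granted:", request)
    for request in denied:
        print("newly denied: ", request)
```

The edit was meant only to block writes, but because the old rule also shadowed the later read rule for contractors, removing it exposes the reports to carol while alice loses write access she legitimately had.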