Service providers (e.g., accountants) typically require access to client data in order perform their services. Determining access permissions to client data has typically been based on an individual agent's membership in a group (e.g., an accounting firm). Permission management schemes are typically based on representing the relationship between the client and the agent, but do not explicitly represent the group that employs the agent.
Such a failure to represent the group employing the agent may create problems when modeling complex usage scenarios. Ambiguity may be introduced when an agent is employed by multiple accounting firms that provide services to the same client. For example, it may be difficult to determine which accounting firm is responsible for which modifications to client data. In addition, performance issues may arise when multiple agents of an accounting firm perform work for the same client. Furthermore, permission management data may be duplicated, resulting in overhead and a performance burden to synchronize duplicated data, which grows proportionally with the number of agents and the number of clients. For example, when a new agent is added to a firm with thousands of clients, thousands of direct links must be created between the agent and the clients. Also, when a key agent (e.g., an owner, partner, manager, etc.) of an accounting firm is replaced, the permission data may need to be changed for each client of the firm.