Computer authorization systems are typically permission-based. Once a user is authorized, usually by entering a password, the user is assigned a fixed set of permissions that govern the user's access to resources in an enterprise application. For example, a user may have permission to modify computer files belonging to the accounting department, but not the human resources department. A user's role in an organization will change over time, however, as the user acquires new skills and responsibilities. Access to resources should be tailored to each user's particular circumstances. Accordingly, a user's permissions need to be modified in order to reflect new privileges. When the number of users is great, administering fine-grained details of each individual user's permissions can create significant administrative overhead. As a result, a user's static permissions may not change in step with the user's role in an organization. This problem is exacerbated if privileges are dependent on less tangible factors, such as the time of day or prevailing conditions of a computer network. What is needed is a flexible, rules-based approach to authorization that allows users to dynamically acquire different privileges as their roles change over time.