A cloud services provider may host various computing services on behalf of its customers. On a given computing device, the set of computing services hosted by the provider may change over time as customers add new services or change existing computing services. The provider may also host services using a multi-tenant configuration, so that the computing device may host services on behalf of a number of different customers. In these cases, the addition or removal of customers may also cause the mixture of services to change over time. In some cases, the rate of change may be rapid.
An aspect of hosting computing services may involve the application of an appropriate level of security. This may be achieved, for example, by applying access controls to various objects on the computing device. Typically, these access controls may be applied on a per-user basis, or by permitting users associated with various roles, such as an administrator or super-user, to access the objects. The addition of a new service, for example, may involve configuring access controls for a potentially large number of objects and users. Accordingly, conventional approaches to managing security configurations may be challenging to apply in rapidly changing computing environments.