Today, organizational entities such as companies, universities, non-profit organizations, etc., share secure data files amongst members of the organization through communication networks. A person within the organization (a user) may be given a user account through which she is provided access to the communication network. However, the user may not be given permission to access the secure data files directly through her user account, and instead the user account may be assigned to one or several security group(s) based upon her job function. Members of the security groups may have permission to access certain secure data files, and the user account receives permission to access the secure data files based upon being a member of the particular security groups.
When the user changes job roles within the organization, leaves the organization, or no longer has permission to access certain information, the user's corresponding user account may need to be removed from certain security groups. However, this may be a time-consuming, mistake-prone, and difficult process—all of which may lead to many errors and/or oversights allowing the user to have permission to access data that she is no longer authorized to access.