Sharing files, folders, and other computing resources among different users typically involves some type of access control or permissions. In conventional systems, when a computing resource is shared with a user, access control policies or permissions indicating that the user is authorized to perform some action are typically established at the level of the resource and propagated down to each hierarchically related lower-level resource. In this way, if a folder containing subfolders and documents is shared with a user, an access control policy is added for the folder as well as for each subfolder and document in the folder. While this approach can be adequate for single-user desktop systems, small user groups, and other simplified systems, in large-scale systems with many users, propagating access control policies to lower levels in a hierarchy is computationally expensive and can cause race conditions, uncertain states, and other problems.