Restricting access to computing resources, such as files in a file system, to particular users is oftentimes desired. One way such restrictions can be enforced is using a resource-centric approach in which owners of the resources control the access control policies of the resources. Although such resource-centric approaches can be beneficial, they are not without their problems. One such problem is that an asset owner (e.g., file system or computer system owner) cannot guarantee restrictions on a resource of the asset because the resource owner has the discretion to change the restrictions on the resource.