Users are increasingly performing tasks using remote computing resources, which may be offered through a shared-resource environment. This has many advantages, as users do not have to purchase and maintain dedicated hardware and software, and instead can pay for only those resources that are needed at any given time, where those resources typically will be managed by a resource provider. Users can perform tasks such as storing data to various types of resources offered by a resource provider. In some instances, a user having permissions under a first account might want to perform a task requiring permissions under a second account. Using conventional approaches, the user might obtain delegated access using temporary credentials issued for the second account. Unfortunately, the use of these temporary credentials is typically not directly tied back to the actual user for whom the cross-account role was granted, at least under the second account, such that the actual user responsible for an action being performed in the second account using these credentials cannot be verified.