In an embodiment, a central repository of rights may be implemented, and accessing entities (e.g. clients) and entities for which access is controlled (e.g. files, servers, etc.) may rely on the central repository. The rights may vary on a client-by-client basis. In an embodiment, the rights may be managed as a value that is interpreted by the access-controlled entity. Accordingly, the definition of access rights may vary based on the entity. In an embodiment, visibility to the access rights may be limited. For example, the central repository may provide a handle that is associated with the access rights, but the access rights themselves may not be provided. When an accessing entity attempts to access the access-controlled entity, the handle may be used to identify the access rights. The handle may be presented to the central repository by the access-controlled entity to confirm access rights.
展开▼