Are you using roles? IT systems can quickly become difficult to manage if correct identification and classification of roles, responsibilities and access requirements are not defined up front.
Keep in mind that this will be an ever changing and evolving environment where users may change roles or amalgamate roles.
A simple method that has been employed for many years has been to assign:
Users to roles -> Roles to resources. This allows for many to one relationship to be formed and means you can keep track of who is using what. Consider this like your organisation, many people may do the same function and many functions many need to use the same tools.