A distributed access controller for controlling access to resources in a multi-domain
distributed computing environment. The access controller is configured to receive
a request from a user requesting performance of one or more operations on a particular
resource. The access controller attempts to resolve the requested operations based
on user hierarchy information and access list information for the particular resource.
If not all of the operations in the user's request can be resolved based on the user
hierarchy information and the access list information for the particular resource,
the access controller then attempts to resolve the unresolved operations based
on the particular user's user hierarchy information in combination with resource
hierarchy information, and access list information for the resources in the resource
hierarchy information. In alternate embodiments, the access controller attempts
to resolve the requested operations based on the resource hierarchy information
and access list information for the resources in the resource hierarchy information.
If not all of the operations in the user's request can be resolved based on the resource
hierarchy information and the access list information for the resources in the
resource hierarchy information, the access controller then attempts to resolve
the unresolved operations based on the resource hierarchy information in combination
with the particular user's user hierarchy information, and the access list information
for the resources in the resource hierarchy information.
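
The first resolution order described above, sketched as an added example that is not part of the original abstract. The allow/deny ACL format, the nearest-entry-wins rule, the default deny for operations that remain unresolved, and all names and sample data are assumptions made for illustration.

```python
# Constructed sample data; names and the allow/deny ACL format are assumptions.
USER_PARENTS = {"alice": ["eng"], "eng": ["staff"], "staff": []}
RESOURCE_PARENT = {
    "/proj/docs/spec": "/proj/docs",
    "/proj/docs": "/proj",
    "/proj": None,
}
ACLS = {  # resource -> principal -> operation -> allowed?
    "/proj/docs/spec": {"eng": {"read": True}},
    "/proj/docs": {"alice": {"delete": False}, "staff": {"write": True}},
    "/proj": {"staff": {"delete": True, "write": False}},
}

def user_chain(user):
    """Return the user followed by its ancestors, nearest first."""
    order, queue = [], [user]
    while queue:
        principal = queue.pop(0)
        if principal not in order:
            order.append(principal)
            queue.extend(USER_PARENTS.get(principal, []))
    return order

def resolve_on_resource(user, resource, ops):
    """Resolve ops against one resource's ACL using the user hierarchy."""
    decided = {}
    acl = ACLS.get(resource, {})
    for principal in user_chain(user):
        for op, allowed in acl.get(principal, {}).items():
            if op in ops and op not in decided:
                decided[op] = (allowed, resource, principal)
    return decided

def check_access(user, resource, ops):
    """Return {op: (allowed, deciding_resource, deciding_principal)}."""
    pending = set(ops)
    # Step 1: user hierarchy + access list of the requested resource only.
    decisions = resolve_on_resource(user, resource, pending)
    pending.difference_update(decisions)
    # Step 2: unresolved operations climb the resource hierarchy as well.
    ancestor = RESOURCE_PARENT.get(resource)
    while pending and ancestor is not None:
        found = resolve_on_resource(user, ancestor, pending)
        decisions.update(found)
        pending.difference_update(found)
        ancestor = RESOURCE_PARENT.get(ancestor)
    for op in pending:
        decisions[op] = (False, None, None)  # assumed default: deny
    return decisions
```

Returning the deciding resource and principal alongside each verdict gives an audit trail showing which ACL entry resolved each operation and which operations fell through to the default.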