A computer network and methods are provided for granting and revoking
access privileges for an information source of the computer network. The
computer network also comprises an Access Control List (ACL) for the
information source, listing authorized users of the information source
together with their access privileges, and means for generating a
reference to the information source. The computer network is
characterized by means for adding access privileges to the reference and
means for passing the resulting enhanced reference to another user of the
network, thereby providing the receiving user with the access
privileges passed. Furthermore, the computer network comprises means for
automatically generating a Reference Passing Tree (RPT) for the
information source by automatically storing the identification of the
user sending the enhanced reference, the identification of the user
receiving the enhanced reference and the access privileges provided by
the enhanced reference. Moreover, the computer network comprises means
for "cutting" the RPT, thus automatically revoking at least parts of a
user's access privileges that have been provided directly or indirectly
by another user when those parts of the other user's access privileges
are revoked.
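
The following sketch is an added example, not code from the patent: it models the RPT as a list of (sender, receiver, privileges) records and derives the ACL from it, so that revoking a passed privilege cascades to every user who held it only through that pass. The class, method and user names are hypothetical, and it generalizes beyond a strict tree by assuming a user keeps a privilege that still reaches them through another, unrevoked path.

```python
# Added example: Reference Passing Tree (RPT) with cascading revocation; all names hypothetical.

class ReferencePassingTree:
    def __init__(self, owner, privileges):
        self.base = {owner: frozenset(privileges)}  # ACL entries granted directly
        self.edges = []  # RPT records: (sender, receiver, privileges passed)

    def acl(self):
        """Derive the ACL: privileges reachable from base entries via the RPT."""
        acl = {user: set(privs) for user, privs in self.base.items()}
        changed = True
        while changed:  # least fixpoint, so cycles of passes cannot sustain themselves
            changed = False
            for sender, receiver, privs in self.edges:
                usable = privs & acl.get(sender, set())
                if not usable <= acl.get(receiver, set()):
                    acl.setdefault(receiver, set()).update(usable)
                    changed = True
        return {user: privs for user, privs in acl.items() if privs}

    def pass_reference(self, sender, receiver, privileges):
        """Record an enhanced reference; a sender can only pass what it holds."""
        privs = frozenset(privileges)
        if not privs <= self.acl().get(sender, set()):
            raise PermissionError(f"{sender} does not hold {sorted(privs)}")
        self.edges.append((sender, receiver, privs))

    def revoke(self, sender, receiver, privileges):
        """Cut the RPT at sender->receiver and prune everything that depended on it."""
        cut = frozenset(privileges)
        self.edges = [(s, r, p - cut if (s, r) == (sender, receiver) else p)
                      for s, r, p in self.edges]
        live = self.acl()
        # Trim passes the sender can no longer back, so they cannot reactivate later.
        trimmed = [(s, r, p & live.get(s, set())) for s, r, p in self.edges]
        self.edges = [e for e in trimmed if e[2]]


def demo():
    rpt = ReferencePassingTree("alice", {"read", "write"})  # constructed sample users
    rpt.pass_reference("alice", "bob", {"read", "write"})
    rpt.pass_reference("bob", "carol", {"read", "write"})
    rpt.pass_reference("carol", "dave", {"read"})
    rpt.pass_reference("alice", "erin", {"read"})
    rpt.pass_reference("erin", "dave", {"read"})  # dave has a second, independent path
    rpt.revoke("alice", "bob", {"write"})          # partial revocation cascades to carol
    after_partial = rpt.acl()
    rpt.revoke("alice", "bob", {"read"})           # bob's subtree is now cut off
    return after_partial, rpt.acl()
```

Trimming dead records during revocation matters for auditability: a later re-grant to the sender does not silently restore access further down the tree.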