
Background documentation

Representation of Existing Relationships in the Organizational Model in ACE

 

In the Access Control Engine (ACE), user authorizations for business objects are not represented as a direct relationship. Instead, ACE calculates only parts of the relationship: from the object to a fixed point and from the user to a fixed point. This fixed point between the user and the business object is called the actor. In other words, the ACE architecture splits the direct relationship in the organizational model between business object and user into an indirect relationship. The actors are calculated in advance using background processing, for example, through rights activation. At the time of the authorization request, the relationship from the user to the object by way of the actor is determined quickly because the system uses a database table access (access control list). When business objects are created or changed at runtime, ACE only needs to recalculate the relationship of the object to the fixed point.

Example

The following illustrations of an organizational model show the relationships of user D to a lead.

  • Split the relationship LeadsCreatedByMySelf (dark blue line) at contact 4 (= actor). ACE must only calculate the relationship from the lead to the contact and the relationship from the user to the contact.

  • Split the relationship LeadsCreatedByPartner (dark blue line) at the partner company (= actor). ACE must only calculate the relationship from the lead to the partner company and from the user to the partner company.
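
The split described above can be sketched as two precomputed tables joined on the actor. This is an added example, not SAP code: the table names, function names, actor identifiers and sample data are hypothetical, and an in-memory SQLite database stands in for the access control list.

```python
import sqlite3

def new_store():
    # Two precomputed halves of each relationship; the join key is (rule, actor).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_actor   (user_id   TEXT, rule TEXT, actor TEXT,
                                   PRIMARY KEY (user_id, rule, actor));
        CREATE TABLE object_actor (object_id TEXT, rule TEXT, actor TEXT,
                                   PRIMARY KEY (object_id, rule, actor));
    """)
    return db

def activate_rights(db, user_id, rule_actors):
    # User -> actor half, computed ahead of time (background processing).
    db.execute("DELETE FROM user_actor WHERE user_id = ?", (user_id,))
    db.executemany("INSERT INTO user_actor VALUES (?, ?, ?)",
                   [(user_id, rule, actor) for rule, actor in rule_actors])

def recalc_object(db, object_id, rule_actors):
    # Object -> actor half, the only part recomputed on create/change.
    # Old rows are deleted first so a changed object does not keep stale access.
    db.execute("DELETE FROM object_actor WHERE object_id = ?", (object_id,))
    db.executemany("INSERT INTO object_actor VALUES (?, ?, ?)",
                   [(object_id, rule, actor) for rule, actor in rule_actors])

def granting_rules(db, user_id, object_id):
    # Authorization request: a keyed table lookup, no walk of the org model.
    # An empty result means no rule connects user and object (deny).
    rows = db.execute("""
        SELECT u.rule FROM user_actor u
        JOIN object_actor o ON o.rule = u.rule AND o.actor = u.actor
        WHERE u.user_id = ? AND o.object_id = ?
        ORDER BY u.rule""", (user_id, object_id))
    return [r[0] for r in rows]

def demo():
    db = new_store()
    # Constructed data: user D maps to contact 4 and to partner company P1.
    activate_rights(db, "D", [("LeadsCreatedByMySelf", "contact:4"),
                              ("LeadsCreatedByPartner", "partner:P1")])
    recalc_object(db, "lead:1", [("LeadsCreatedByMySelf", "contact:4"),
                                 ("LeadsCreatedByPartner", "partner:P1")])
    before = granting_rules(db, "D", "lead:1")
    # The lead now belongs to contact 9 of partner P2: object side only changes.
    recalc_object(db, "lead:1", [("LeadsCreatedByMySelf", "contact:9"),
                                 ("LeadsCreatedByPartner", "partner:P2")])
    return before, granting_rules(db, "D", "lead:1")

if __name__ == "__main__":
    print(demo())
```

The second lookup returns no rules even though the user-side rows were never touched, which is the property to verify in any such design: the object-side recalculation must replace old actor rows, or access persists after the object changes.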