Problem: Users Accumulate Rights

Over time, users change roles/responsibilities:	With each transition, users accumulate entitlements:
Users change jobs, departments and locations. There are many users, each with access to many systems.	From what? There is no record of every right a user had before, so old rights are not removed. To what? Without a role model, it is impossible to say which of a user's old rights should stay and which should go. When? A reassigned user may back up his replacement for a while, so must retain old rights for an undefined period of time.