Comment by ssl-3

That is, in fact, exactly what we typically see in reality with local access control system head-ends.

At the doors, there might be keycards, biometrics and PINs (oh my!) happening.

But there's usually just not much going on, centrally. It doesn't take much to keep track of an index of IDs and the classes of things those IDs are allowed to access.