what u can do is:
1)create a role (which is nothing but a club of privilages) and each role specifies the access of resources at various level, and name the roles e.g project-leader, Developer etc.
2) u can resuse the above created role and assign it to various entities.
3) unlimited combination of privilages could be to create new roles.
JAAS framework provides support for role based Authentication/ Authorization.
Check out these useful links:-
JAAS. Start with the tutorials, then the Reference Guide and perhaps the white paper.
The
Java Developers Almanac has a little bit of sample code too.
regards
Ashish Uniyal
SCJP2