The subject disclosure is generally directed towards an automated mechanism in a computer network or system that controls resource access to any resource designated as needing multiparty authorization. In one aspect, a resource that needs multiparty authorization before access is allowed is identified, along with policy that specifies an authorizer (or multiple authorizers) for the resource. An access control list may contain metadata that indicates the need for multiparty authorization. Authorization may be provided via a token, which may be cached for future use.