A system and method for storing role definitions for cloud provider systems, receiving a first request to assign a user to a first role specifying a first cloud computing resource of a respective resource type, identifying a role definition corresponding to the first role that includes an action set permitted, and creating the first role for the user on the first cloud computing resource by associating the identified role definition with the first cloud computing resource and the user. A second request to assign the user to a second role is received specifying a second cloud computing of the respective resource type, and the second role is created for the user on the second cloud computing resource, where the identified role definition corresponds to the first and second roles, and wherein creating the second role includes associating the identified role definition with the first cloud computing resource and the user.