Access permissions management system and method

The invention claimed is: 1. A system comprising a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically provide bi-directional visualization of authority of users over SACs in an enterprise-wide network and to enable modification of said authority of said users over said SACs to provide improved systems and methodologies for access permissions management in enterprise computer network, said SACs comprising containers, each of said containers comprising network objects, said authority of a user over a SAC comprising an ability of said user to modify properties of said network objects, said system comprising: a user interface for displaying, in a single view, bi-directional visualization of authority of all users of said enterprise-wide network over all SACs in said enterprise-wide network, said users being users other than owners of said SACs, each of said network objects of each of said SACs comprising only at least one of at least one user and at least one user group, said bi-directional visualization in said single view comprising: a first uni-directional visualization comprising, for a given user, user-wise visualization of the authority of said given user over at least one SAC in respect of which said given user has authority, said given user being a user other than an owner of said at least one SAC; and a second uni-directional visualization comprising SAC-wise visualization for a given SAC of the authority of at least one user over said given SAC, said at least one user being a user other than an owner of said given SAC; and a user interface for enabling a human viewer of said bi-directional visualization to modify said authority of said given user over said SACs. 2. A system according to claim 1 and wherein: said SACs do not include data elements; and said user-wise visualization does not provide visualization of authority of a given user over data elements. 3. A system according to claim 1 and wherein: said SACs do not include data elements; and said user-wise visualization also provides visualization of authority of a given user over data elements. 4. A system according to claim 1 and also comprising: a user interface for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority; and a user interface for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC. 5. A system according to claim 1 and wherein said user interface enables said human viewer to revoke said authority of said user over said SACs. 6. A method for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network and enabling modification of said authority of said users over said SACs to provide improved systems and methodologies for access permissions management in enterprise computer network, said SACs comprising containers, each of said containers comprising network objects, said authority of a user over a SAC comprising an ability of said user to modify properties of said network objects, said method comprising: displaying, in a single view, a first uni-directional visualization comprising, for each given user of said enterprise-wide network, visualization of the authority of said given user over each SAC of said enterprise-wide network in respect of which said given user has authority, said given user being a user other than an owner of said at least one SAC, and a second uni-directional visualization comprising SAC-wise visualization for a each given SAC of the authority of each user of said enterprise-wide network over each said given SAC, said at least one user being a user other than an owner of said given SAC, each of said network objects of each of said SACs comprising only at least one of at least one user and at least one user group; and enabling a human viewer of said bi-directional visualization to modify said authority of said given user over said SACs. 7. A method according to claim 6 and wherein: said SACs do not include data elements; and said providing user-wise visualization does not include providing visualization of authority of a given user over data elements. 8. A method according to claim 6 and wherein: said SACs do not include data elements; and said providing user-wise visualization also includes providing visualization of authority of a given user over data elements. 9. A method according to claim 6 and also comprising: providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority; and providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC. 10. A method according to claim 6 and wherein said enabling said human viewer comprises enabling said human viewer to revoke said authority of said user over said SACs.