Hierarchical policy-based shared resource access control
US-9516028-B1 · Dec 6, 2016 · US
US11089029B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11089029-B2 |
| Application number | US-202016803104-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 27, 2020 |
| Priority date | Jul 24, 2019 |
| Publication date | Aug 10, 2021 |
| Grant date | Aug 10, 2021 |
Official abstract text for this publication.
An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.
Opening claim text (preview).
What is claimed is:
1. A method, comprising: identifying, by a computer system, an embedded artifact associated with a first access control policy; detecting an association of the embedded artifact with a resource container, wherein the resource container is associated with a second access control policy; creating a restricted access control policy, wherein the restricted access control policy is provided by an intersection of the first access policy and the second access control policy; associating the embedded artifact with the restricted access control policy; responsive to receiving an access request to access the embedded artifact, applying the restricted access control policy for determining whether the access request is grantable; and sharing the embedded artifact with a user that is authorized to access the embedded artifact based on the restricted access control policy.
2. The method of claim 1, wherein the embedded artifact is provided by one of: a file or a second resource container.
3. The method of claim 1, wherein the embedded artifact comprises a first part associated with a first subset of the first access control policy and a second part associated with a second subset of the first access control policy.
4. The method of claim 1, wherein associating the embedded artifact with the restricted access control policy is performed using an access control policy pointer stored in metadata of the embedded artifact.
5. The method of claim 1, wherein applying the restricted access control policy associated with the resource container further comprises: identifying a permission associated, by the restricted access control policy, with a user group associated with a user that initiated the access request; and determining whether the permission matches an access type specified by the access request.
6. The method of claim 1, further comprising: creating a copy of the restricted access control policy; associating the embedded artifact with the copy of the restricted access control policy; and disassociating the embedded artifact from the resource container.
7. The method of claim 1, further comprising: creating a restrictive version of the restricted access control policy; associating the embedded artifact with the restrictive version of the restricted access control policy; redacting a part of the embedded artifact based on the restrictive version of the restricted access control policy; and sharing the embedded artifact with a second user that is authorized to access the embedded artifact based on the restrictive version of the restricted access control policy.
8. A system, comprising: memory; and one or more processors coupled to the memory, the one or more processors configured to: identify an embedded artifact associated with a first access control policy; detect an association of the embedded artifact with a resource container, wherein the resource container is associated with a second access control policy; create a restricted access control policy, wherein the restricted access control policy is provided by an intersection of the first access policy and the second access control policy; associate the embedded artifact with at least a subset of an the restricted access control policy of with the resource container; responsive to receiving an access request to access the embedded artifact, apply the restricted access control policy associated with the resource container for determining whether the access request is grantable; and share the embedded artifact with a user that is authorized to access the embedded artifact based on the restricted access control policy.
9. The system of claim 8, wherein the embedded artifact is provided by one of: a file or a second resource container.
10. The system of claim 8, wherein the embedded artifact comprises a first part associated with a first subset of the first access control policy and a second part associated with a second subset of the first access control policy.
11. The system of claim 8, wherein associating the embedded artifact with the subset of the restricted access control policy is performed using an access control policy pointer stored in metadata of the embedded artifact.
12. The system of claim 8, wherein applying the restricted access control policy associated with the resource container further comprises: identifying a permission associated, by the restricted access control policy, with a user group associated with a user that initiated the access request; and determining whether the permission matches an access type specified by the access request.
13. The system of claim 8, wherein the one or more processors are further configured to: create a copy of the restricted access control policy; associate the embedded artifact with the copy of the restricted access control policy; and disassociate the embedded artifact from the resource container.
14. The system of claim 8, wherein the one or more processors are further configured to: create a restrictive version of the restricted access control policy; associate the embedded artifact with the restrictive version of the restricted access control policy; redact a part of the embedded artifact based on the restrictive version of the restricted access control policy; and share the embedded artifact with a second user that is authorized to access the embedded artifact based on the restrictive version of the restricted access control policy.
15. A non-transitory computer readable storage medium comprising executable instructions that, when executed by a computer system, cause the computer system to: identify an embedded artifact associated with a first access control policy; detect an association of the embedded artifact with a resource container, wherein the resource container is associated with a second access control policy; identify a restricted access control policy, wherein the restricted access control policy is provided by an intersection of the first access policy and the second access control policy; initialize an access control policy pointer of the embedded artifact to reference an access control policy associated with the resource container; associate the embedded artifact with the restricted access control policy; responsive to receiving an access request to access the embedded artifact, apply the restricted access control policy associated with the resource container for determining whether the access request is grantable; and share the embedded artifact with a user that is authorized to access the embedded artifact based on the restricted access control policy.
16. The non-transitory computer readable storage medium of claim 15, wherein the embedded artifact is provided by one of: a file or a second resource container.
17. The non-transitory computer readable storage medium of claim 15, wherein the embedded artifact comprises a first part associated with a first subset of the first access control policy and a second part associated with a second subset of the first access control policy.
18. The non-transitory computer readable storage medium of claim 15, wherein applying the restricted access control policy associated with the resource container further comprises: identifying a permission associated, by the restricted access control policy, with a user group associated with a user that initiated the access request; and determining whether the permission matches an access type specified by the access request.
19. The non-transitory compute
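The flow recited in claims 1, 4, 5 and 6, as an added example that is not taken from the patent or from any implementation by its assignee. It assumes a policy is a mapping from user group to permitted access types; the policy ids, group names, `policy_ptr` key and the fail-closed handling of a missing pointer are hypothetical choices made here.

```python
from dataclasses import dataclass, field

# Constructed sample policies (assumed shape: group -> permitted access types).
POLICIES = {
    "report-acl": {"engineering": frozenset({"read", "write"}),
                   "finance": frozenset({"read"})},
    "project-acl": {"engineering": frozenset({"read"}),
                    "contractors": frozenset({"read"})},
}

@dataclass
class Artifact:
    name: str
    metadata: dict = field(default_factory=dict)

def intersect(first, second):
    """Keep only the (group, access type) pairs that both policies grant."""
    restricted = {}
    for group in first.keys() & second.keys():
        common = first[group] & second[group]
        if common:
            restricted[group] = common
    return restricted

def embed(artifact, artifact_policy_id, container_policy_id):
    """On embedding, store the restricted policy and point the artifact at it."""
    restricted_id = f"{artifact_policy_id}&{container_policy_id}"
    POLICIES[restricted_id] = intersect(POLICIES[artifact_policy_id],
                                        POLICIES[container_policy_id])
    artifact.metadata["policy_ptr"] = restricted_id
    return restricted_id

def detach(artifact):
    """Leaving the container: keep the restriction via a private policy copy."""
    copy_id = f"{artifact.name}:copy"
    POLICIES[copy_id] = dict(POLICIES[artifact.metadata["policy_ptr"]])
    artifact.metadata["policy_ptr"] = copy_id
    return copy_id

def is_grantable(artifact, user_groups, access_type):
    """Grant only if one of the user's groups holds the requested access type."""
    policy = POLICIES.get(artifact.metadata.get("policy_ptr"))
    if policy is None:          # missing or dangling pointer: fail closed
        return False
    return any(access_type in policy.get(g, frozenset()) for g in user_groups)

report = Artifact("q3-report")  # constructed artifact, embedded in the project
embed(report, "report-acl", "project-acl")
```

Because the restricted policy is an intersection, embedding can only narrow access: a group that appears in just one of the two policies ends up with none.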
Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title
Grouping of entities · CPC title