If you read my previous blog on entitlements, you might think that it's not a big deal. After all, how much management overhead can there really be for a few groups in Active Directory that represent entitlements? Jackson Shaw from Quest Software quotes a customer in his blog as saying that

We have over 300,000 groups (distribution lists, security groups) scattered across our company. Forget about "managing" them! I'd simply like to know if they are even being used let alone what for!!

Quest's products deal with Active Directory and groups and my entitlement example uses Active Directory and groups (art imitates life!) but there are other ways entitlements and their lifecycle come up as challenges. Consider an instance of Oracle's e-Business Suite (EBS). Do you know how many roles and responsibilities (coarse-grained and fine-grained entitlements) are there across apps/modules in an EBS instance? Go ahead and ask your DBA, I dare you. I've seen an EBS installation with close to 50,000 responsibilities. Oh and then there's RACF and TopSecret, they deserve a blog post of their own.