Designing a multiple level user permission system

I am working on a site that has a database schema like a tree. From top to bottom I have:

• One Company can have many
• Locations that can have many
• Fleets that can have many
• Vehicles

The user permission system has to be flexible in that someone can gain or have restricted access at any level of the tree. For example, a person that manages location x will by default have full access to all fleets below location x and all vehicles below location x. But I should also be able to restrict the user's access to any node below location x.

What would be the proper way to develop a schema for a permission system such as this? Would it be realistic to store each node a user has access to even though it would be kind of redundant? The goal is for me to be able to easily run queries for开发者_开发技巧 example to get all locations a user has access to.

You might find a number of threads on SO interesting. Among them:

Implementing permissions based on reputation

Database schema for ACL