Hi,
by paying I meant you will have to maintain granular control. So more complex control for access will require more effort to maintain it. It's same as with SAP security roles. If you have low number of roles and no exceptions then maintenance is much easier than when you have a unique role for each user. I am not aware of any commercial solution that would solve your problem.