How can you display Authorizations or ACLs in a usable way?

Question

Clients need to know who can do what in an application. When someone leaves a company or joins it or roles change, application permissions get lost in the shuffle.
They aren't visible, so they aren't noticed.

How can we best represent this to our users so they can see and take action on bad permissions or ACLs?

Is it better to show "Who can do What" or "What, and Who can do it"?

Answer 1

This question did it's best, and it earned me the highly coveted "Tumbleweed" badge. But it looks like the right forum was the new UI stackexchange, where a better phrasing of this ACL UI question got at least one answer.

Help me not get another tumbleweed by answering this: http://stackoverflow.com/questions/3551937/why-is-my-inputstream-not-working-in-android