Access-control policies play a central role in controlling the dissemination of sensitive data. As these policies have grown increasingly complex, scientists have created domain-specific, declarative policy languages for their expression. These languages induce a variety of analysis problems while affording interesting opportunities. I will discuss some of these problems and opportunities and will evaluate the solutions on the policy of Continue, our conference paper management application.