Organization begins where you organize work with people.
Those. a person came to you with a request - this application should not be oral, it should be written in a machine-readable format with the ability to make a selection based on them. Indicate as much information as possible in the application - who, when, why ...
Enter clear rules for choosing the name of the balls, placements, etc. So that you can again automatically make selections and comparisons (search for resources and actions with them out of account).
A bit on the side
- do not give access to 'everyone', all resources should be targeted, only not people - but groups, management should be at the group level (since people constantly leave, then come, then a sore ... this also needs to be managed) .
- try not to issue resources 'forever', everything should have a time limit, let your system give you a reminder about this and even automatically remove access and even delete (send to the archive) the corresponding share.

"access rights" and "automate ... and simplify the provisioning process" are somewhat different things.
If it's a zoo (different file storages, a mixture of domain and non-domain accounts, etc.), then it would be nice to start at least with the following:
Row table - name of the category of employees (department, position or full name, if rights are assigned individually);
columns - folder/catalog/resource name;
at intersections, respectively, a mark on the access level;
Most likely, each directory has an owner (responsible for information) who determines to whom to grant access and at what level. Some tools allow the owner to enter information in the appropriate column for their directory.

I organized it like this - active directory (perfectly replaced by the same samba4) + samba shares = access based on ad groups