Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity. A secondary security authority provided by the secondary entity is received, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights. A request is received from a user associated with the secondary entity to perform an action associated with the control system content, and the request is processed with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights.