This paper describes the design and development of a flexible domain-based access control infrastructure for distributed Collaborative Environments. The paper proposes extensions to classical RBAC models to address typical problems and tasks in the distributed hierarchical resource organisation that came from the practical experience in developing industry oriented virtual laboratories infrastructure, particular: hierarchical resources policy administration, user roles management, dynamic security context and authorisation session management. The paper provides implementation details on the use of XACML for finegrained access control policy definition for domain based resources and roles organisation. The paper analyses the required functionality and suggests extensions to the major service-oriented access generic framework such as Acegi, Globus Toolkit Authorisation framework, and GAAA Authorisation framework in order to support complex resource organisation and collaboration scenarios in dynamic virtualised environments. The paper is based on experiences gained from the industry funded project Collaboratory.nl and other major Grid-based and Grid-oriented projects in collaborative applications and complex resource provisioning.