diff --git a/redfish-core/include/node.hpp b/redfish-core/include/node.hpp
index 908d1a6..a33c8e0 100644
--- a/redfish-core/include/node.hpp
+++ b/redfish-core/include/node.hpp
@@ -29,9 +29,7 @@
 class Node {
  public:
   template <typename... Params>
-  Node(CrowApp& app, EntityPrivileges&& entityPrivileges,
-       std::string&& entityUrl, Params... params)
-      : entityPrivileges(std::move(entityPrivileges)) {
+  Node(CrowApp& app, std::string&& entityUrl, Params... params) {
     app.route_dynamic(entityUrl.c_str())
         .methods("GET"_method, "PATCH"_method, "POST"_method,
                  "DELETE"_method)([&](const crow::request& req,
@@ -86,6 +84,8 @@
     }
   }
 
+  OperationMap entityPrivileges;
+
  protected:
   // Node is designed to be an abstract class, so doGet is pure virtual
   virtual void doGet(crow::response& res, const crow::request& req,
@@ -118,8 +118,8 @@
     auto ctx =
         app.template get_context<crow::TokenAuthorization::Middleware>(req);
 
-    if (!entityPrivileges.isMethodAllowedForUser(req.method,
-                                                 ctx.session->username)) {
+    if (!isMethodAllowedForUser(req.method, entityPrivileges,
+                                ctx.session->username)) {
       res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
       res.end();
       return;
@@ -148,8 +148,6 @@
     }
     return;
   }
-
-  EntityPrivileges entityPrivileges;
 };
 
 }  // namespace redfish
diff --git a/redfish-core/include/privileges.hpp b/redfish-core/include/privileges.hpp
index 2cc52b5..4014d61 100644
--- a/redfish-core/include/privileges.hpp
+++ b/redfish-core/include/privileges.hpp
@@ -19,13 +19,10 @@
 #include <cstdint>
 #include "crow.h"
 #include <boost/container/flat_map.hpp>
-#include <boost/container/flat_set.hpp>
 #include <boost/optional.hpp>
 
 namespace redfish {
 
-class PrivilegeProvider;
-
 enum class PrivilegeType { BASE, OEM };
 
 /** @brief Max number of privileges per type  */
@@ -34,16 +31,12 @@
 using privilegeBitset = std::bitset<MAX_PRIVILEGE_COUNT>;
 
 /** @brief Number of mappings must be <= MAX_PRIVILEGE_COUNT */
-static const boost::container::flat_map<std::string, size_t>
-    basePrivNameToIndexMap = {{"Login", 0},
-                              {"ConfigureManager", 1},
-                              {"ConfigureComponents", 2},
-                              {"ConfigureSelf", 3},
-                              {"ConfigureUsers", 4}};
+static const std::vector<std::string> privilegeNames{
+    "Login", "ConfigureManager", "ConfigureComponents", "ConfigureSelf",
+    "ConfigureUsers"};
 
 /** @brief Number of mappings must be <= MAX_PRIVILEGE_COUNT */
-static const boost::container::flat_map<std::string, size_t>
-    oemPrivNameToIndexMap = {};
+static const std::vector<std::string> oemPrivilegeNames{};
 
 /**
  * @brief Redfish privileges
@@ -75,29 +68,16 @@
    * @param[in] privilegeList  List of privileges to be activated
    *
    */
-  Privileges(std::initializer_list<std::string> privilegeList) {
-    for (const auto& privilege : privilegeList) {
-      setSinglePrivilege(privilege);
+  Privileges(std::initializer_list<const char*> privilegeList) {
+    for (const char* privilege : privilegeList) {
+      if (!setSinglePrivilege(privilege)) {
+        CROW_LOG_CRITICAL << "Unable to set privilege " << privilege
+                          << "in constructor";
+      }
     }
   }
 
   /**
-   * @brief Retrieves the base privileges bitset
-   *
-   * @return          Bitset representation of base Redfish privileges
-   *
-   */
-  privilegeBitset getBasePrivilegeBitset() const { return basePrivilegeBitset; }
-
-  /**
-   * @brief Retrieves the OEM privileges bitset
-   *
-   * @return          Bitset representation of OEM Redfish privileges
-   *
-   */
-  privilegeBitset getOEMPrivilegeBitset() const { return oemPrivilegeBitset; }
-
-  /**
    * @brief Sets given privilege in the bitset
    *
    * @param[in] privilege  Privilege to be set
@@ -105,17 +85,31 @@
    * @return               None
    *
    */
-  void setSinglePrivilege(const std::string& privilege) {
-    auto index = getBitsetIndexForPrivilege(privilege, PrivilegeType::BASE);
-    if (index) {
-      basePrivilegeBitset.set(*index);
-      return;
+  bool setSinglePrivilege(const char* privilege) {
+    int32_t index = getBitsetIndexForPrivilege(privilege, PrivilegeType::BASE);
+    if (index >= 0) {
+      basePrivilegeBitset.set(index);
+      return true;
     }
 
     index = getBitsetIndexForPrivilege(privilege, PrivilegeType::OEM);
-    if (index) {
-      oemPrivilegeBitset.set(*index);
+    if (index >= 0) {
+      oemPrivilegeBitset.set(index);
+      return true;
     }
+    return false;
+  }
+
+  /**
+   * @brief Sets given privilege in the bitset
+   *
+   * @param[in] privilege  Privilege to be set
+   *
+   * @return               None
+   *
+   */
+  bool setSinglePrivilege(const std::string& privilege) {
+    return setSinglePrivilege(privilege.c_str());
   }
 
   /**
@@ -123,201 +117,125 @@
    *
    * @param[in] type    Base or OEM
    *
-   * @return            Vector of active privileges
+   * @return            Vector of active privileges.  Pointers are valid until
+   * the privilege structure is modified
    *
    */
-  std::vector<std::string> getActivePrivilegeNames(
+  std::vector<const std::string*> getActivePrivilegeNames(
       const PrivilegeType type) const {
-    std::vector<std::string> activePrivileges;
+    std::vector<const std::string*> activePrivileges;
 
     if (type == PrivilegeType::BASE) {
-      for (const auto& pair : basePrivNameToIndexMap) {
-        if (basePrivilegeBitset.test(pair.second)) {
-          activePrivileges.emplace_back(pair.first);
+      for (std::size_t index = 0; index < privilegeNames.size(); index++) {
+        if (basePrivilegeBitset.test(index)) {
+          activePrivileges.emplace_back(&privilegeNames[index]);
         }
       }
     } else {
-      for (const auto& pair : oemPrivNameToIndexMap) {
-        if (oemPrivilegeBitset.test(pair.second)) {
-          activePrivileges.emplace_back(pair.first);
+      for (std::size_t index = 0; index < oemPrivilegeNames.size(); index++) {
+        {
+          if (oemPrivilegeBitset.test(index)) {
+            activePrivileges.emplace_back(&oemPrivilegeNames[index]);
+          }
         }
       }
     }
-
     return activePrivileges;
   }
 
+  /**
+   * @brief Determines if this Privilege set is a superset of the given
+   * privilege set
+   *
+   * @param[in] privilege  Privilege to be checked
+   *
+   * @return               None
+   *
+   */
+  bool isSupersetOf(const Privileges& p) const {
+    bool has_base =
+        (basePrivilegeBitset & p.basePrivilegeBitset) == p.basePrivilegeBitset;
+
+    bool has_oem =
+        (oemPrivilegeBitset & p.oemPrivilegeBitset) == p.oemPrivilegeBitset;
+    return has_base & has_oem;
+  }
+
  private:
-  boost::optional<size_t> getBitsetIndexForPrivilege(
-      const std::string& privilege, const PrivilegeType type) const {
+  int32_t getBitsetIndexForPrivilege(const char* privilege,
+                                     const PrivilegeType type) const {
     if (type == PrivilegeType::BASE) {
-      const auto pair = basePrivNameToIndexMap.find(privilege);
-      if (pair != basePrivNameToIndexMap.end()) {
-        return pair->second;
+      for (std::size_t index = 0; index < privilegeNames.size(); index++) {
+        if (privilege == privilegeNames[index]) {
+          return index;
+        }
       }
     } else {
-      const auto pair = oemPrivNameToIndexMap.find(privilege);
-      if (pair != oemPrivNameToIndexMap.end()) {
-        return pair->second;
+      for (std::size_t index = 0; index < oemPrivilegeNames.size(); index++) {
+        if (privilege == oemPrivilegeNames[index]) {
+          return index;
+        }
       }
     }
 
-    return boost::none;
+    return -1;
   }
 
-  privilegeBitset basePrivilegeBitset;
-  privilegeBitset oemPrivilegeBitset;
-
-  friend class PrivilegeProvider;
+  privilegeBitset basePrivilegeBitset = 0;
+  privilegeBitset oemPrivilegeBitset = 0;
 };
 
 using OperationMap =
     boost::container::flat_map<crow::HTTPMethod, std::vector<Privileges>>;
 
 /**
- * @brief  Class used to store overrides privileges for Redfish
- *         entities
+ * @brief Checks if given privileges allow to call an HTTP method
+ *
+ * @param[in] method       HTTP method
+ * @param[in] user         Privileges
+ *
+ * @return                 True if method allowed, false otherwise
  *
  */
-class EntityPrivilegesOverride {
- protected:
-  /**
-   * @brief Constructs overrides object for given targets
-   *
-   * @param[in] operationMap Operation map to be applied for targets
-   * @param[in] targets      List of targets whOperation map to be applied for
-   * targets
-   *
-   */
-  EntityPrivilegesOverride(OperationMap&& operationMap,
-                           std::initializer_list<std::string>&& targets)
-      : operationMap(std::move(operationMap)), targets(std::move(targets)) {}
-
-  const OperationMap operationMap;
-  const boost::container::flat_set<std::string> targets;
-};
-
-class PropertyOverride : public EntityPrivilegesOverride {
- public:
-  PropertyOverride(OperationMap&& operationMap,
-                   std::initializer_list<std::string>&& targets)
-      : EntityPrivilegesOverride(std::move(operationMap), std::move(targets)) {}
-};
-
-class SubordinateOverride : public EntityPrivilegesOverride {
- public:
-  SubordinateOverride(OperationMap&& operationMap,
-                      std::initializer_list<std::string>&& targets)
-      : EntityPrivilegesOverride(std::move(operationMap), std::move(targets)) {}
-};
-
-class ResourceURIOverride : public EntityPrivilegesOverride {
- public:
-  ResourceURIOverride(OperationMap&& operationMap,
-                      std::initializer_list<std::string>&& targets)
-      : EntityPrivilegesOverride(std::move(operationMap), std::move(targets)) {}
-};
-
-/**
- * @brief  Class used to store privileges for Redfish entities
- *
- */
-class EntityPrivileges {
- public:
-  /**
-   * @brief Constructor for default case with no overrides
-   *
-   * @param[in] operationMap Operation map for the entity
-   *
-   */
-  EntityPrivileges(OperationMap&& operationMap)
-      : operationMap(std::move(operationMap)) {}
-
-  /**
-   * @brief Constructors for overrides
-   *
-   * @param[in] operationMap         Default operation map for the entity
-   * @param[in] propertyOverrides    Vector of property overrides
-   * @param[in] subordinateOverrides Vector of subordinate overrides
-   * @param[in] resourceURIOverrides Vector of resource URI overrides
-   *
-   */
-  EntityPrivileges(OperationMap&& operationMap,
-                   std::vector<PropertyOverride>&& propertyOverrides,
-                   std::vector<SubordinateOverride>&& subordinateOverrides,
-                   std::vector<ResourceURIOverride>&& resourceURIOverrides)
-      : operationMap(std::move(operationMap)),
-        propertyOverrides(std::move(propertyOverrides)),
-        subordinateOverrides(std::move(subordinateOverrides)),
-        resourceURIOverrides(std::move(resourceURIOverrides)) {}
-
-  /**
-   * @brief Checks if a user is allowed to call an HTTP method
-   *
-   * @param[in] method       HTTP method
-   * @param[in] user         Username
-   *
-   * @return                 True if method allowed, false otherwise
-   *
-   */
-  bool isMethodAllowedForUser(const crow::HTTPMethod method,
-                              const std::string& user) const {
-    // TODO: load user privileges from configuration as soon as its available
-    // now we are granting all privileges to everyone.
-    auto userPrivileges =
-        Privileges{"Login", "ConfigureManager", "ConfigureSelf",
-                   "ConfigureUsers", "ConfigureComponents"};
-
-    return isMethodAllowedWithPrivileges(method, userPrivileges);
-  }
-
-  /**
-   * @brief Checks if given privileges allow to call an HTTP method
-   *
-   * @param[in] method       HTTP method
-   * @param[in] user         Privileges
-   *
-   * @return                 True if method allowed, false otherwise
-   *
-   */
-  bool isMethodAllowedWithPrivileges(const crow::HTTPMethod method,
-                                     const Privileges& userPrivileges) const {
-    if (operationMap.find(method) == operationMap.end()) {
-      return false;
-    }
-
-    for (auto& requiredPrivileges : operationMap.at(method)) {
-      // Check if user has required base privileges
-      if (!verifyPrivileges(userPrivileges.getBasePrivilegeBitset(),
-                            requiredPrivileges.getBasePrivilegeBitset())) {
-        continue;
-      }
-
-      // Check if user has required OEM privileges
-      if (!verifyPrivileges(userPrivileges.getOEMPrivilegeBitset(),
-                            requiredPrivileges.getOEMPrivilegeBitset())) {
-        continue;
-      }
-
-      return true;
-    }
+inline bool isMethodAllowedWithPrivileges(const crow::HTTPMethod method,
+                                          const OperationMap& operationMap,
+                                          const Privileges& userPrivileges) {
+  const auto& it = operationMap.find(method);
+  if (it == operationMap.end()) {
     return false;
   }
 
- private:
-  bool verifyPrivileges(const privilegeBitset userPrivilegeBitset,
-                        const privilegeBitset requiredPrivilegeBitset) const {
-    return (userPrivilegeBitset & requiredPrivilegeBitset) ==
-           requiredPrivilegeBitset;
+  // If there are no privileges assigned, assume no privileges required
+  if (it->second.empty()) {
+    return true;
   }
 
-  OperationMap operationMap;
+  for (auto& requiredPrivileges : it->second) {
+    if (userPrivileges.isSupersetOf(requiredPrivileges)) {
+      return true;
+    }
+  }
+  return false;
+}
 
-  // Overrides are not implemented at the moment.
-  std::vector<PropertyOverride> propertyOverrides;
-  std::vector<SubordinateOverride> subordinateOverrides;
-  std::vector<ResourceURIOverride> resourceURIOverrides;
-};
+/**
+ * @brief Checks if a user is allowed to call an HTTP method
+ *
+ * @param[in] method       HTTP method
+ * @param[in] user         Username
+ *
+ * @return                 True if method allowed, false otherwise
+ *
+ */
+inline bool isMethodAllowedForUser(const crow::HTTPMethod method,
+                                   const OperationMap& operationMap,
+                                   const std::string& user) {
+  // TODO: load user privileges from configuration as soon as its available
+  // now we are granting all privileges to everyone.
+  Privileges userPrivileges{"Login", "ConfigureManager", "ConfigureSelf",
+                            "ConfigureUsers", "ConfigureComponents"};
+
+  return isMethodAllowedWithPrivileges(method, operationMap, userPrivileges);
+}
 
 }  // namespace redfish
-
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index dafa605..b58ff11 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -19,19 +19,11 @@
 
 namespace redfish {
 
-static OperationMap accountServiceOpMap = {
-    {crow::HTTPMethod::GET, {{"ConfigureUsers"}, {"ConfigureManager"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureUsers"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureUsers"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureUsers"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureUsers"}}}};
-
 class AccountService : public Node {
  public:
   template <typename CrowApp>
   AccountService(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(accountServiceOpMap)),
+      : Node(app,
              "/redfish/v1/AccountService/") {
     Node::json["@odata.id"] = "/redfish/v1/AccountService";
     Node::json["@odata.type"] = "#AccountService.v1_1_0.AccountService";
@@ -48,6 +40,14 @@
     Node::json["MaxPasswordLength"] = 20;
     Node::json["Accounts"]["@odata.id"] = "/redfish/v1/AccountService/Accounts";
     Node::json["Roles"]["@odata.id"] = "/redfish/v1/AccountService/Roles";
+
+    entityPrivileges = {
+        {crow::HTTPMethod::GET, {{"ConfigureUsers"}, {"ConfigureManager"}}},
+        {crow::HTTPMethod::HEAD, {{"Login"}}},
+        {crow::HTTPMethod::PATCH, {{"ConfigureUsers"}}},
+        {crow::HTTPMethod::PUT, {{"ConfigureUsers"}}},
+        {crow::HTTPMethod::DELETE, {{"ConfigureUsers"}}},
+        {crow::HTTPMethod::POST, {{"ConfigureUsers"}}}};
   }
 
  private:
diff --git a/redfish-core/lib/managers.hpp b/redfish-core/lib/managers.hpp
index 0a56da7..ad042cb 100644
--- a/redfish-core/lib/managers.hpp
+++ b/redfish-core/lib/managers.hpp
@@ -19,27 +19,9 @@
 
 namespace redfish {
 
-static OperationMap managerOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
-static OperationMap managerCollectionOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
 class Manager : public Node {
  public:
-  Manager(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(managerOpMap)),
-             "/redfish/v1/Managers/openbmc/") {
+  Manager(CrowApp& app) : Node(app, "/redfish/v1/Managers/openbmc/") {
     Node::json["@odata.id"] = "/redfish/v1/Managers/openbmc";
     Node::json["@odata.type"] = "#Manager.v1_3_0.Manager";
     Node::json["@odata.context"] = "/redfish/v1/$metadata#Manager.Manager";
@@ -55,6 +37,13 @@
             .system_uuid;
     Node::json["Model"] = "OpenBmc";               // TODO(ed), get model
     Node::json["FirmwareVersion"] = "1234456789";  // TODO(ed), get fwversion
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
@@ -84,9 +73,7 @@
 class ManagerCollection : public Node {
  public:
   ManagerCollection(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(managerCollectionOpMap)),
-             "/redfish/v1/Managers/"),
-        memberManager(app) {
+      : Node(app, "/redfish/v1/Managers/"), memberManager(app) {
     Node::json["@odata.id"] = "/redfish/v1/Managers";
     Node::json["@odata.type"] = "#ManagerCollection.ManagerCollection";
     Node::json["@odata.context"] =
@@ -94,6 +81,13 @@
     Node::json["Name"] = "Manager Collection";
     Node::json["Members@odata.count"] = 1;
     Node::json["Members"] = {{"@odata.id", "/redfish/v1/Managers/openbmc"}};
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index 2b45b40..1410122 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -19,18 +19,10 @@
 
 namespace redfish {
 
-static OperationMap managerNetworkProtocolOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
 class NetworkProtocol : public Node {
  public:
   NetworkProtocol(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(managerNetworkProtocolOpMap)),
+      : Node(app,
              "/redfish/v1/Managers/openbmc/NetworkProtocol") {
     Node::json["@odata.type"] =
         "#ManagerNetworkProtocol.v1_1_0.ManagerNetworkProtocol";
@@ -43,6 +35,13 @@
     Node::json["Status"]["Health"] = "OK";
     Node::json["Status"]["HealthRollup"] = "OK";
     Node::json["Status"]["State"] = "Enabled";
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index 4225cc1..326d5e0 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -20,41 +20,23 @@
 
 namespace redfish {
 
-static OperationMap sessionOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
-static OperationMap sessionCollectionOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{}}}};
-
-static OperationMap sessionServiceOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
 class SessionCollection;
 
 class Sessions : public Node {
  public:
   Sessions(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(sessionOpMap)),
-             "/redfish/v1/SessionService/Sessions/<str>", std::string()) {
+      : Node(app, "/redfish/v1/SessionService/Sessions/<str>", std::string()) {
     Node::json["@odata.type"] = "#Session.v1_0_2.Session";
     Node::json["@odata.context"] = "/redfish/v1/$metadata#Session.Session";
     Node::json["Name"] = "User Session";
     Node::json["Description"] = "Manager User Session";
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
@@ -112,9 +94,7 @@
 class SessionCollection : public Node {
  public:
   SessionCollection(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(sessionCollectionOpMap)),
-             "/redfish/v1/SessionService/Sessions/"),
-        memberSession(app) {
+      : Node(app, "/redfish/v1/SessionService/Sessions/"), memberSession(app) {
     Node::json["@odata.type"] = "#SessionCollection.SessionCollection";
     Node::json["@odata.id"] = "/redfish/v1/SessionService/Sessions/";
     Node::json["@odata.context"] =
@@ -123,6 +103,13 @@
     Node::json["Description"] = "Session Collection";
     Node::json["Members@odata.count"] = 0;
     Node::json["Members"] = nlohmann::json::array();
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {}}};
   }
 
  private:
@@ -243,9 +230,7 @@
 
 class SessionService : public Node {
  public:
-  SessionService(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(sessionServiceOpMap)),
-             "/redfish/v1/SessionService/") {
+  SessionService(CrowApp& app) : Node(app, "/redfish/v1/SessionService/") {
     Node::json["@odata.type"] = "#SessionService.v1_0_2.SessionService";
     Node::json["@odata.id"] = "/redfish/v1/SessionService/";
     Node::json["@odata.context"] =
@@ -258,6 +243,13 @@
     Node::json["Status"]["Health"] = "OK";
     Node::json["Status"]["HealthRollup"] = "OK";
     Node::json["ServiceEnabled"] = true;
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
diff --git a/redfish-core/lib/roles.hpp b/redfish-core/lib/roles.hpp
index f1a1c61..fc804c2 100644
--- a/redfish-core/lib/roles.hpp
+++ b/redfish-core/lib/roles.hpp
@@ -19,27 +19,10 @@
 
 namespace redfish {
 
-static OperationMap roleOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
-static OperationMap roleCollectionOpMap = {
-    {crow::HTTPMethod::GET, {{"Login"}}},
-    {crow::HTTPMethod::HEAD, {{"Login"}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
-
 class Roles : public Node {
  public:
   Roles(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(roleOpMap)),
-             "/redfish/v1/AccountService/Roles/Administrator/") {
+      : Node(app, "/redfish/v1/AccountService/Roles/Administrator/") {
     Node::json["@odata.id"] = "/redfish/v1/AccountService/Roles/Administrator";
     Node::json["@odata.type"] = "#Role.v1_0_2.Role";
     Node::json["@odata.context"] = "/redfish/v1/$metadata#Role.Role";
@@ -51,6 +34,12 @@
                                         "ConfigureUsers", "ConfigureSelf",
                                         "ConfigureComponents"};
     Node::json["OemPrivileges"] = nlohmann::json::array();
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
@@ -64,8 +53,7 @@
 class RoleCollection : public Node {
  public:
   RoleCollection(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(roleCollectionOpMap)),
-             "/redfish/v1/AccountService/Roles/") {
+      : Node(app, "/redfish/v1/AccountService/Roles/") {
     Node::json["@odata.id"] = "/redfish/v1/AccountService/Roles";
     Node::json["@odata.type"] = "#RoleCollection.RoleCollection";
     Node::json["@odata.context"] =
@@ -75,6 +63,13 @@
     Node::json["Members@odata.count"] = 1;
     Node::json["Members"] = {
         {"@odata.id", "/redfish/v1/AccountService/Roles/Administrator"}};
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {{"Login"}}},
+                        {crow::HTTPMethod::HEAD, {{"Login"}}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureManager"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureManager"}}}};
   }
 
  private:
diff --git a/redfish-core/lib/service_root.hpp b/redfish-core/lib/service_root.hpp
index 0afc0a2..c57d3e7 100644
--- a/redfish-core/lib/service_root.hpp
+++ b/redfish-core/lib/service_root.hpp
@@ -19,19 +19,9 @@
 
 namespace redfish {
 
-static OperationMap serviceRootOpMap = {
-    {crow::HTTPMethod::GET, {{}}},
-    {crow::HTTPMethod::HEAD, {{}}},
-    {crow::HTTPMethod::PATCH, {{"ConfigureComponents"}}},
-    {crow::HTTPMethod::PUT, {{"ConfigureComponents"}}},
-    {crow::HTTPMethod::DELETE, {{"ConfigureComponents"}}},
-    {crow::HTTPMethod::POST, {{"ConfigureComponents"}}}};
-
 class ServiceRoot : public Node {
  public:
-  ServiceRoot(CrowApp& app)
-      : Node(app, EntityPrivileges(std::move(serviceRootOpMap)),
-             "/redfish/v1/") {
+  ServiceRoot(CrowApp& app) : Node(app, "/redfish/v1/") {
     Node::json["@odata.type"] = "#ServiceRoot.v1_1_1.ServiceRoot";
     Node::json["@odata.id"] = "/redfish/v1/";
     Node::json["@odata.context"] =
@@ -44,6 +34,13 @@
     Node::json["UUID"] =
         app.template get_middleware<crow::PersistentData::Middleware>()
             .system_uuid;
+
+    entityPrivileges = {{crow::HTTPMethod::GET, {}},
+                        {crow::HTTPMethod::HEAD, {}},
+                        {crow::HTTPMethod::PATCH, {{"ConfigureComponents"}}},
+                        {crow::HTTPMethod::PUT, {{"ConfigureComponents"}}},
+                        {crow::HTTPMethod::DELETE, {{"ConfigureComponents"}}},
+                        {crow::HTTPMethod::POST, {{"ConfigureComponents"}}}};
   }
 
  private:
diff --git a/redfish-core/ut/privileges_test.cpp b/redfish-core/ut/privileges_test.cpp
index 193fd7d..36e02c6 100644
--- a/redfish-core/ut/privileges_test.cpp
+++ b/redfish-core/ut/privileges_test.cpp
@@ -7,134 +7,108 @@
 using namespace redfish;
 
 TEST(PrivilegeTest, PrivilegeConstructor) {
-  Privileges privileges = {"Login", "ConfigureManager"};
+  Privileges privileges{"Login", "ConfigureManager"};
 
-  auto activePrivileges =
-      privileges.getActivePrivilegeNames(PrivilegeType::BASE);
-  std::vector<std::string> expectedPrivileges{"Login", "ConfigureManager"};
-
-  std::sort(expectedPrivileges.begin(), expectedPrivileges.end());
-  std::sort(activePrivileges.begin(), activePrivileges.end());
-
-  EXPECT_EQ(expectedPrivileges, activePrivileges);
+  EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
+              ::testing::UnorderedElementsAre(
+                  ::testing::Pointee(&"Login"[0]),
+                  ::testing::Pointee(&"ConfigureManager"[0])));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForNoPrivilegesRequired) {
-  auto userPrivileges = Privileges{"Login"};
-  OperationMap operationMap = {{crow::HTTPMethod::GET, {{}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
+  Privileges userPrivileges{"Login"};
 
-  EXPECT_TRUE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  OperationMap entityPrivileges{{crow::HTTPMethod::GET, {{"Login"}}}};
+
+  EXPECT_TRUE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                            entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseSuccess) {
   auto userPrivileges = Privileges{"Login"};
-  OperationMap operationMap = {{crow::HTTPMethod::GET, {{"Login"}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
+  OperationMap entityPrivileges{{crow::HTTPMethod::GET, {}}};
 
-  EXPECT_TRUE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  EXPECT_TRUE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                            entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseFailure) {
   auto userPrivileges = Privileges{"Login"};
-  OperationMap operationMap = {{crow::HTTPMethod::GET, {{"ConfigureManager"}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
+  OperationMap entityPrivileges{
+      {crow::HTTPMethod::GET, {{"ConfigureManager"}}}};
 
-  EXPECT_FALSE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  EXPECT_FALSE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                             entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForANDCaseSuccess) {
   auto userPrivileges =
       Privileges{"Login", "ConfigureManager", "ConfigureSelf"};
-  OperationMap operationMap = {
+  OperationMap entityPrivileges{
       {crow::HTTPMethod::GET,
        {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
 
-  EXPECT_TRUE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  EXPECT_TRUE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                            entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForANDCaseFailure) {
   auto userPrivileges = Privileges{"Login", "ConfigureManager"};
-  OperationMap operationMap = {
+  OperationMap entityPrivileges{
       {crow::HTTPMethod::GET,
        {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
 
-  EXPECT_FALSE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  EXPECT_FALSE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                             entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForORCaseSuccess) {
   auto userPrivileges = Privileges{"ConfigureManager"};
-  OperationMap operationMap = {
+  OperationMap entityPrivileges{
       {crow::HTTPMethod::GET, {{"Login"}, {"ConfigureManager"}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
 
-  EXPECT_TRUE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  EXPECT_TRUE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                            entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, PrivilegeCheckForORCaseFailure) {
   auto userPrivileges = Privileges{"ConfigureComponents"};
-  OperationMap operationMap = {
-      {crow::HTTPMethod::GET, {{"Login"}, {"ConfigureManager"}}}};
-  auto entityPrivileges = EntityPrivileges(std::move(operationMap));
+  OperationMap entityPrivileges = OperationMap(
+      {{crow::HTTPMethod::GET, {{"Login"}, {"ConfigureManager"}}}});
 
-  EXPECT_FALSE(entityPrivileges.isMethodAllowedWithPrivileges(
-      crow::HTTPMethod::GET, userPrivileges));
+  EXPECT_FALSE(isMethodAllowedWithPrivileges(crow::HTTPMethod::GET,
+                                             entityPrivileges, userPrivileges));
 }
 
 TEST(PrivilegeTest, DefaultPrivilegeBitsetsAreEmpty) {
   Privileges privileges;
-  EXPECT_TRUE(privileges.getBasePrivilegeBitset() == 0);
-  EXPECT_TRUE(privileges.getOEMPrivilegeBitset() == 0);
-}
 
-TEST(PrivilegeTest, UniqueBitsAssignedForAllPrivilegeNames) {
-  Privileges privileges;
-  std::vector<std::string> expectedPrivileges{
-      "Login", "ConfigureManager", "ConfigureUsers", "ConfigureComponents",
-      "ConfigureSelf"};
+  EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
+              ::testing::IsEmpty());
 
-  for (const auto& privilege : expectedPrivileges) {
-    privileges.setSinglePrivilege(privilege);
-  }
-
-  EXPECT_EQ(privileges.getBasePrivilegeBitset().count(),
-            expectedPrivileges.size());
+  EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
+              ::testing::IsEmpty());
 }
 
 TEST(PrivilegeTest, GetActivePrivilegeNames) {
   Privileges privileges;
 
-  EXPECT_EQ(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
-            std::vector<std::string>());
+  EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
+              ::testing::IsEmpty());
 
-  std::vector<std::string> expectedPrivileges{
+  std::array<const char*, 5> expectedPrivileges{
       "Login", "ConfigureManager", "ConfigureUsers", "ConfigureComponents",
       "ConfigureSelf"};
 
   for (const auto& privilege : expectedPrivileges) {
-    privileges.setSinglePrivilege(privilege);
+    EXPECT_TRUE(privileges.setSinglePrivilege(privilege));
   }
 
-  std::vector<std::string> activePrivileges =
-      privileges.getActivePrivilegeNames(PrivilegeType::BASE);
-
-  std::sort(expectedPrivileges.begin(), expectedPrivileges.end());
-  std::sort(activePrivileges.begin(), activePrivileges.end());
-
-  EXPECT_EQ(activePrivileges, expectedPrivileges);
-}
-
-TEST(PrivilegeTest, PropertyOverrideConstructor) {
-  OperationMap operationMap = {
-      {crow::HTTPMethod::GET, {{"Login"}, {"ConfigureManager"}}}};
-  PropertyOverride propertyOverride(std::move(operationMap),
-                                    {"Password", "Id"});
+  EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
+              ::testing::UnorderedElementsAre(
+                  ::testing::Pointee(expectedPrivileges[0]),
+                  ::testing::Pointee(expectedPrivileges[1]),
+                  ::testing::Pointee(expectedPrivileges[2]),
+                  ::testing::Pointee(expectedPrivileges[3]),
+                  ::testing::Pointee(expectedPrivileges[4])));
 }
