Access control services in the cloud require defining which users, applications, or functions can have access to which data to perform what kinds of operations. There are thus three dimensions: (1) which users can (2) perform which operations (3) on which data. We speak of: (1) principals (i.e., users or roles), (2) privileges, and (3) objects, corresponding to these three dimensions, respectively. The act of accessing gives rights and privileges such as using or releasing data, modifying the access rights or accomplishing certain tasks. Permission to access also requires identity management. Research studies identify the existence of dependency between usability and security, and that there exists a conflict between the two, for which trade-offs are difficult to evaluate and engineer. This paper proposes a novel methodology for assessing the usability of access control services while ensuring that security requirements are met. The proposed methodology assists in integrating the experience of both security and usability experts by using different Human Computer Interaction methods as a way to identify the usability and security problems in access control security services in the cloud, and capture solutions to resolve such problems.