I'm not sure how much experience you have in the testing domain, but using pairwise testing could help. Apologies if you know this technique already, but it involves checking that all combination elements are tested but not necessarily all combinations. As an example, if checking that the right levels of security access are being applied, from a sample consisting of account handlers, IT staff in the London and Leeds offices, divided into permanent and temporary staff, you could check access for:
- permanent account handlers in Leeds
- temporary IT staff in London
- permanent auditors in Leeds
Under pairwise testing, you wouldn't need any other cases because each element has been tested at least once