A source engine system in a computing system retrieves a program code resource from one of a plurality of sources of program code. The program code resource is retrieved and placed in secure cache in the computing system. A user profile is impersonated by the computing system so that the computing system follows the user profile during retrieval of the resource. A source for the resource is picked, and the resource is opened. Whether the user has access to the resource is tested based on the user profile. If the user has access, the resource is read to the secure cache. The resource is written into the secure cache and verified that it is same as the resource in the source. If the user does not have access, a new source for the resource is picked, and the resource in the new source opened and read to the secure cache if the user has access to the resource in the new source.