Members of an organization may use a wide range of technologies to facilitate a productive and efficient working environment. For example, various software and hardware resources may be used to develop new products. Such resources may include open source tools, cloud computing services, on-premises servers, data management tools, visualization tools, etc. Individual members (also referred to as users) may be granted access to one or more of these resources. Access management aims to manage the access rights for users across the organization. For organizations having a large number of users and/or resources, access management can be challenging.
One objective of effective access management is to grant a user access rights to those resources that are necessary or, to a lesser extent, useful for completing the user's current project(s), while revoking the access rights to those resources that are no longer needed. Doing so would reduce the cost of maintaining excess resources, and also reduce the risks of a security breach stemming from those excess resources. However, it is difficult to ascertain which access rights should be maintained and which should be revoked on a user-by-user basis. For example, a user may be granted certain access rights during his/her involvement in a project. After the project concludes and the user is assigned to a new project, the user tends to keep those access rights, regardless of whether they are useful or even pertinent to the new project. Manual auditing of the access rights requires significant resources as well as a deep understanding of the individual user's working habits, project requirements, etc., which may be impractical for large organizations having thousands or even tens of thousands of users.
Traditional access management methods rely heavily on organizational hierarchy. For example, individuals who belong to the same organizational unit or are managed by the same manager are usually assigned the same or similar access rights. However, such methods become increasingly problematic as users start collaborating with multiple teams at the same time. With multi-team collaborations, users within the same organizational unit may have vastly different sets of access rights. Therefore, the assumption that users in the same team should have similar access rights no longer holds.
Thus, there is a need for systems and methods capable of managing access rights based on analyzing the commonalities among different users' access rights, forming communities of users sharing similar access rights, and detecting anomalous access rights.