Access control governance using mapped vector spaces

摘要

Methods and apparatuses are described for enterprise access control governance in a computerized information technology (IT) architecture. A server generates a first vector space, each node in the first space representing a user of resources in the IT architecture and including attributes of the user. The server generates a second vector space, each node in the second space representing an entitlement to access resources in the IT architecture and including attributes of the entitlement. The server creates an entitlement utility matrix by mapping nodes in the first space to nodes in the second space. The server determines a set of recommended entitlements for a plurality of users based upon the utility matrix. The server determines a discrepancy between the set of recommended entitlements for a first user and a set of existing entitlements for the first user and adjusts the set of existing entitlements based upon the discrepancy.