Methods and apparatuses are described for enterprise access control governance in a computerized information technology (IT) architecture. A server determines access control entitlements for each of a plurality of users of the IT architecture, and converts the access control entitlements for each user into a multidimensional vector. The server generates a vector space comprising a plurality of nodes, each node in the vector space corresponding to a multidimensional vector associated with the access control entitlements. The server determines clusters of nodes in the vector space by using a similarity measure based upon dimensions of the vector. The server identifies a job role associated with each of the clusters of nodes in the vector space based upon access control entitlements that are common to the nodes. The server locates outlier nodes in the vector space positioned at least a predetermined distance away from at least one of the clusters. The server determines differences between the entitlements for each of the outlier nodes and the entitlements for a node in the nearest one or more clusters and adjusts the existing entitlements for each user associated with the outlier nodes based upon the determined difference.
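The pipeline described above, as an added sketch that is not code from the patent: the user names, entitlement strings, Jaccard distance, single-link grouping and the 0.3 threshold are all assumptions chosen for illustration, and an outlier is simplified here to a user who falls within the threshold of no other user.

```python
from itertools import combinations

# Constructed sample data: user -> set of entitlements (not from the patent).
USERS = {
    "alice": {"git:write", "ci:run", "jira:edit"},
    "bob":   {"git:write", "ci:run", "jira:edit"},
    "carol": {"git:write", "ci:run", "jira:edit", "wiki:edit"},
    "dave":  {"ledger:read", "ledger:post", "erp:login"},
    "erin":  {"ledger:read", "ledger:post", "erp:login"},
    "frank": {"git:write", "ci:run", "jira:edit", "ledger:post", "erp:login", "prod-db:admin"},
}

def to_vectors(users):
    """One dimension per entitlement; 1 if the user holds it."""
    dims = sorted(set().union(*users.values()))
    return dims, {u: tuple(int(d in e) for d in dims) for u, e in users.items()}

def distance(a, b):
    """Jaccard distance over binary vectors (assumed similarity measure)."""
    both = sum(x & y for x, y in zip(a, b))
    either = sum(x | y for x, y in zip(a, b))
    return 1.0 - (both / either if either else 1.0)

def cluster(vecs, link=0.3):
    """Single-link grouping: users closer than `link` share a cluster."""
    parent = {u: u for u in vecs}
    def find(u):
        while parent[u] != u:
            u = parent[u]
        return u
    for u, v in combinations(sorted(vecs), 2):
        if distance(vecs[u], vecs[v]) < link:
            parent[find(v)] = find(u)
    groups = {}
    for u in vecs:
        groups.setdefault(find(u), []).append(u)
    return [sorted(g) for g in groups.values()]

def review(users, link=0.3):
    """Return (role clusters, per-outlier diff against the nearest cluster)."""
    _, vecs = to_vectors(users)
    groups = cluster(vecs, link)
    roles = [g for g in groups if len(g) > 1]
    report = {}
    for (u,) in (g for g in groups if len(g) == 1):  # singletons are the outliers
        nearest = min(roles, key=lambda g: min(distance(vecs[u], vecs[m]) for m in g))
        core = set.intersection(*(users[m] for m in nearest))  # entitlements common to the role
        report[u] = {"nearest": nearest, "excess": sorted(users[u] - core), "missing": sorted(core - users[u])}
    return roles, report
```

On the constructed data, `review(USERS)` groups the engineering and finance users into two role clusters and flags `frank`, whose `excess` list is the set of entitlements a reviewer would consider for adjustment.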