The objective of this competition is to build a model, learned using historical data, that will determine an employee's access needs, such that manual access transactions (grants and revokes) are minimized as the employee's attributes change over time. The model will take an employee's role information and a resource code and will return whether or not access should be granted.
The data consists of real historical data collected from 2010 & 2011. Employees are manually allowed or denied access to resources over time. We have to create an algorithm capable of learning from this historical data to predict approval/denial for an unseen set of employees.
- When an employee at any company starts work, they first need to obtain the computer access necessary to fulfill their role. This access may allow an employee to read/manipulate resources through various applications or web portals. It is assumed that employees fulfilling the functions of a given role will access the same or similar resources.
- It is often the case that employees figure out the access they need as they encounter roadblocks during their daily work (e.g. not able to log into a reporting portal). A knowledgeable supervisor then takes time to manually grant the needed access in order to overcome access obstacles. As employees move throughout a company, this access discovery/recovery cycle wastes a nontrivial amount of time and money.
- There is a considerable amount of data regarding an employee’s role within an organization and the resources to which they have access. Given the data related to current employees and their provisioned access, models can be built that automatically determine access privileges as employees enter and leave roles within a company.
- These auto-access models seek to minimize the human involvement required to grant or revoke employee access.
The objective of this project is to build a model, learned using historical data, that will determine an employee's access needs, such that manual access transactions (grants and revokes) are minimized as the employee's attributes change over time. The model will take an employee's role information and a resource code and will return whether or not access should be granted.
In this project we built and compared the performance of four Machine Learning classification techniques namely:
- K Nearest Neighbor(KNN)
- Decision Tree
- Support Vector Machine
- Logistic Regression
-
The data consists of real historical data collected from 2010 & 2011
-
This is an anonymized sample of access provisioned within the company.
-
This is a sparse data set, less than 10% of the attributes are used for each sample. The link is to a '*.tgz' file which contains two files:
- [amzn-anon-access-samples-2.0.csv] this file contains the access for users
- [amzn-anon-access-samples-history-2.0.csv] this file contains the access history for a given user