US 12,069,063 B1
Fine grained access control in a data lake using least privilege access
Saikiran Sri Thunuguntla, Bangalore (IN); Raman Gupta, Bangalore (IN); Senthil Kumar LS, Bangalore (IN); and Anishkumar SS, Bangalore (IN)
Assigned to INTUIT INC., Mountain View, CA (US)
Filed by INTUIT INC., Mountain View, CA (US)
Filed on May 31, 2023, as Appl. No. 18/326,896.
Int. Cl. H04L 9/40 (2022.01); G06F 21/62 (2013.01)
CPC H04L 63/105 (2013.01) [G06F 21/6218 (2013.01); H04L 63/20 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A computer-implemented method of controlling access to data tables in a data lake, the method comprising:
generating an access graph based on current access policies, the access graph indicating current access privileges between a plurality of user roles, associated with a plurality of users, and a plurality of data tables;
for a first user role associated with a first user and having current access privileges to a set of data tables of the plurality of data tables:
analyzing access logs to the set of data tables to determine a first subset of data tables that were accessed using the first user role;
identifying a predetermined number of additional user roles associated with additional users that have accessed at least a portion of the first subset of data tables;
generating a second subset of data tables comprising the first subset of data tables and additional data tables accessed by the predetermined number of additional user roles; and
maintaining access privileges of the first user role to the second subset of data tables, while revoking access privileges of the first user role to data tables of the plurality of data tables that are not included in the second subset of data tables.
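The steps of claim 1 carried through on constructed data, as an added illustration that is not code from the patent or its assignee: policies form the role-to-table access graph, access logs give the first subset, a fixed number of additional roles expands it to the second subset, and the role's grants outside that set are revoked. Ranking the additional roles by overlap size (then name) is an assumption; the claim fixes only how many are taken.

```python
# Constructed sample data, not from the patent: current policies are the
# access graph (role -> tables it may read).
POLICIES = {
    "analyst": {"orders", "customers", "payments", "hr_salaries", "audit"},
    "finance": {"orders", "payments", "ledger"},
    "support": {"customers", "tickets"},
    "hr": {"hr_salaries", "audit"},
}
# Constructed access-log events as (role, table) pairs over the review window.
ACCESS_LOGS = [
    ("analyst", "orders"), ("analyst", "orders"), ("analyst", "customers"),
    ("finance", "orders"), ("finance", "payments"), ("finance", "ledger"),
    ("support", "customers"), ("support", "tickets"),
    ("hr", "hr_salaries"), ("hr", "audit"),
]


def build_access_graph(policies):
    """Edges role -> tables derived from the current access policies."""
    return {role: set(tables) for role, tables in policies.items()}


def accessed_tables(logs):
    """Tables each role actually touched, according to the access logs."""
    used = {}
    for role, table in logs:
        used.setdefault(role, set()).add(table)
    return used


def rightsize_role(role, graph, logs, num_additional_roles):
    """Return (keep, revoke) for one role, following the claimed steps."""
    granted = graph[role]
    used = accessed_tables(logs)
    # First subset: tables this role really accessed, within its grants.
    first_subset = used.get(role, set()) & granted
    # Additional roles that accessed at least a portion of the first subset.
    # Ranking by overlap size, then name, is an assumption: the claim fixes
    # only how many additional roles are taken.
    overlap = {other: len(tables & first_subset)
               for other, tables in used.items()
               if other != role and tables & first_subset}
    peers = sorted(overlap, key=lambda r: (-overlap[r], r))[:num_additional_roles]
    # Second subset: the first subset plus every table those peers accessed.
    second_subset = set(first_subset).union(*(used[p] for p in peers))
    # Maintain grants that fall inside the second subset; revoke the rest.
    return granted & second_subset, granted - second_subset
```

Tables in the second subset that the role never held (here `ledger` and `tickets`) are not granted, since the claim speaks only of maintaining and revoking existing privileges.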