Some of the major data breaches have been carried out by internal users. A couple of examples are Sports Direct in 2017 and Sage in 2016. In fact, a research by Intel Security had estimated that around 43% of data breaches happen because of internal users. That makes internal users a big risk in terms of data security. As a direct consequence, access of employees to information assets within an organization is a major security control. The biggest challenge in managing access risk is how to have the correct access levels for different employees in different functions and at different roles. Too restrictive access policies can impact the efficiency of business operations, while very open access controls can substantially raise the risk of data breach – by employees intentionally or unintentionally.