User and group entitlements is one of the most significant and the most difficult aspects of IT security. In an organization, the protection of data is highly important, not only from external exploitation but also from internal misuse. A person in an organization who has illegal access to sensitive data can lead to undesirable effects. To determine who should have access to which data can be difficult, especially in large companies with a number of users. Large companies maintain many identity management roles and also maintain multiple databases that contain sensitive information. The concern that arises is to how entitlements should be determined.