Event-based data path detection

US10560338B2 · US · B2

Patent metadata
Publication number: US-10560338-B2
Application number: US-201715829725-A
Country: US
Kind code: B2
Filing date: Dec 1, 2017
Priority date: Mar 25, 2014
Publication date: Feb 11, 2020
Grant date: Feb 11, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: receiving data, in a data processing system, and involving a first node and a second node in a network, the data indicating at least a permission of the second node to access data managed by the first node; updating, based at least in part on the permission, a first proximity measure between the first node and the second node to result in an updated first proximity measure; determining, based at least in part on the updated first proximity measure and a second proximity measure between the second node and a third node, whether a data path exists between a data source and a data sink, wherein the third node is different from the first node and the second node; and indicating whether the data path exists between the data source and the data sink.

2. The computer-implemented method of claim 1, wherein the first node is the data source and the third node is the data sink.

3. The computer-implemented method of claim 1, wherein the first node is the data sink and the third node is the data source.

4. The computer-implemented method of claim 1, wherein the first node and second node are both different from the data source and data sink.

5. The computer-implemented method of claim 1, wherein the data comprises network log entries.

6. The computer-implemented method of claim 1, wherein the data comprises a record that indicates the permission, wherein the first node manages a database and the permission indicates that the second node may access the database managed by the first node.

7. The computer-implemented method of claim 1, wherein the first node and the second node are services in the network.

8. A system comprising: at least one computing device that implements one or more services, wherein the one or more services: for a node pair including a first node and a second node in a network, receive data indicating at least a permission of the first node to access data managed by the second node; update a first proximity measure associated with first node based at least in part on the data to result in an updated first proximity measure; and detect a path between a data source and a data sink based at least in part on the updated first proximity measure and a second proximity measure associated with at least the second node and a third node, wherein the third node is different from the first node and the second node.

9. The system of claim 8, wherein updating the first proximity measure comprises adding an edge to a graph representing nodes in the network.

10. The system of claim 8, wherein the data includes a record that indicates the permission of the first node to access data via the second node.

11. The system of claim 8, wherein the data comprises a log entry.

12. The system of claim 8, wherein the updating the first proximity measure comprises changing the first proximity measure from indicating no path between the first node and second node to indicating a path portion between the first node and second node.

13. The system of claim 8, wherein detecting the path between the first node and the second node comprises connecting a first path comprising the first node and a second path comprising the second node.

14. The system of claim 8, wherein: the data further indicates an attribute specifying that data may pass from the first node to the second node; and the proximity measure of the first node is updated based at least in part on the attribute.

15. A non-transitory computer-readable storage medium comprising executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least: update a first proximity measure associated with a first node and a second node in a network, based at least in part on information indicating at least a privilege of the second node to access data managed by the first node, to result in an updated first proximity measure, the updated first proximity measure being weighted according to a type of activity indicated by the information; determine, based at least in part on the updated first proximity measure and a second proximity measure associated with at least the second node and a third node, whether a data path exists between a data source and a data sink, wherein the third node is different from the first node and the second node; and indicate whether the data path exists between the data source and the data sink.

16. The non-transitory computer-readable storage medium of claim 15, wherein the first proximity measure is based at least in part on a network distance.

17. The non-transitory computer-readable storage medium of claim 15, wherein the first node and second node are both different from the data source and the data sink.

18. The non-transitory computer-readable storage medium of claim 15, wherein the information regarding the first node and the second node is from a log of events involving the network.

19. The non-transitory computer-readable storage medium of claim 15, wherein the information is based at least in part on a set of privileges of the first node or second node.

20. The non-transitory computer-readable storage medium of claim 15, wherein the measure indicates an ability of data to pass between the first node and the second node.

21. The computer-implemented method of claim 1, wherein: the method further comprises determining, based at least in part on a sum of the first proximity measure and the second proximity measure, a security risk associated with the first node, the second node, and the third node; and indicating whether the data path exists includes indicating the security risk.

22. The computer-implemented method of claim 21, wherein the security risk has an inverse relationship to the sum.
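As an added illustration (not the patent's own implementation; the log lines are constructed and the per-activity weights are assumed), the following Python replays permission events into per-edge proximity measures, then checks whether a data path connects a data source to a data sink and reports a risk score that falls as the summed proximity grows, in the manner of claims 1, 9, 12, 15 and 21-22:

```python
# Added example (not the patent's own code): proximity updates from log events, then path detection.
import heapq
import math
from collections import defaultdict

ACTIVITY_WEIGHT = {"read": 1.0, "write": 1.0, "replicate": 0.5, "audit": 2.0}  # assumed; lower = closer

SAMPLE_LOG = [  # constructed events: "<time> GRANT owner=.. accessor=.. activity=.. result=.."
    "2017-12-01T10:00:00Z GRANT owner=customer-db accessor=report-svc activity=read result=allow",
    "2017-12-01T10:00:05Z GRANT owner=report-svc accessor=export-svc activity=replicate result=allow",
    "2017-12-01T10:00:09Z GRANT owner=export-svc accessor=public-bucket activity=write result=deny",
    "2017-12-01T10:00:12Z GRANT owner=export-svc accessor=public-bucket activity=write result=allow",
]

def parse_event(line):
    """Turn the key=value fields of one log line into a dict (timestamp and verb dropped)."""
    return dict(tok.split("=", 1) for tok in line.split()[2:])

class PathDetector:
    def __init__(self):
        self.graph = defaultdict(dict)  # owner -> {accessor: weight}; a missing edge means no path

    def update(self, event):
        """An allowed grant turns 'no path' (inf) into a weighted edge owner -> accessor."""
        if event.get("result") == "allow":  # a denial leaves the proximity measure unchanged
            w = ACTIVITY_WEIGHT.get(event.get("activity"), math.inf)
            edges = self.graph[event["owner"]]
            edges[event["accessor"]] = min(w, edges.get(event["accessor"], math.inf))  # keep tightest

    def detect(self, source, sink):
        """Dijkstra over proximity weights: (path, total) or (None, inf) when no data path exists."""
        dist, heap = {source: 0.0}, [(0.0, source, [source])]
        while heap:
            d, node, path = heapq.heappop(heap)
            if node == sink:
                return path, d
            for nxt, w in self.graph[node].items():
                if d + w < dist.get(nxt, math.inf):  # relax: a closer way to reach nxt
                    dist[nxt] = d + w
                    heapq.heappush(heap, (d + w, nxt, path + [nxt]))
        return None, math.inf

def analyze(lines, source, sink):
    """Replay log lines in order; return (path, summed proximity, risk) for source -> sink."""
    det = PathDetector()
    for line in lines:
        det.update(parse_event(line))
    path, total = det.detect(source, sink)
    risk = 0.0 if path is None else round(1.0 / (1.0 + total), 4)  # inverse to the sum (claim 22)
    return path, total, risk
```

Replaying only the first three lines leaves the denied edge absent and reports no path; the fourth line completes the path customer-db -> report-svc -> export-svc -> public-bucket.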

Assignees

Amazon Tech Inc

Inventors

Classifications

  • H04L45/122 (Primary)

    CPC title: by minimising distances, e.g. by selecting a route with minimum of number of hops

  • H04L41/12 (Primary)

    CPC title: Discovery or management of network topologies

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10560338B2 cover?
A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L45/122. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Feb 11, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).