Security monitoring platform for managing access rights associated with cloud applications
US-2020412726-A1 · Dec 31, 2020 · US
US11537736B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11537736-B2 |
| Application number | US-201916563877-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 8, 2019 |
| Priority date | Sep 8, 2019 |
| Publication date | Dec 27, 2022 |
| Grant date | Dec 27, 2022 |
Official abstract text for this publication.
A system and method for detecting anomalous access to tables is described. A query for accessing a table from a requesting user is received. A set of users similar to the requesting user is determined. The probability that the requesting user should access the table is calculated. Whether the user should be accessing the table based on the calculated probability is determined.
Opening claim text (preview).
What is claimed is:

1. A system for detecting anomalous data access, comprising: a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising: receiving, from a requesting user, a query for accessing a set of data from a data storage; determining that the requesting user has no history of accessing the set of data from the data storage; in response to the determining that the requesting user has no history of accessing the set of data from the data storage, determining a likelihood of the requesting user requesting access to the set of data by: determining a set of users that shares one or more common organizational attributes with the requesting user within an organization; comparing a first data access pattern associated with the requesting user against data access patterns associated with the set of users; identifying, from the set of users, a subset of users based on the comparing, wherein the subset of users is associated with a subset of the data access patterns that matches the first data access pattern within a threshold; obtaining a data access history associated with the subset of users, wherein the data access history comprises data accesses of different data in the data storage by the subset of users; and calculating the likelihood of the requesting user requesting access to the set of data based on the data accesses by the subset of users; and determining whether to restrict the requesting user from accessing the set of data based on the calculated likelihood.
2. The system of claim 1, wherein the set of data comprises at least one of personal identifiable information of customers of the organization or unique identifiers of financial instruments.
3. The system of claim 1, wherein the determining the set of users that shares the one or more common organizational attributes with the requesting user is based on an organization chart of the organization.
4. The system of claim 3, wherein the determining the set of users that shares the one or more common organizational attributes with the requesting user is further based on a common project to which the requesting user and the set of users are assigned.
5. The system of claim 1, wherein the determining the set of users that shares the one or more common organizational attributes with the requesting user is based on historical data stored in the data storage.
6. The system of claim 1, wherein the likelihood is calculated using collaborative filtering.
7. The system of claim 1, wherein the determining whether to restrict the requesting user from accessing the set of data is further based on whether the calculated likelihood exceeds a predetermined threshold.
8. A method for detecting anomalous data access, the method comprising: receiving, by one or more hardware processors from a requesting user, a query for accessing a set of data; determining, by the one or more hardware processors, that the requesting user lacks a history of accessing the set of data; in response to the determining that the requesting user lacks a history of accessing the set of data, determining, by the one or more hardware processors, a likelihood of the requesting user requesting access to the set of data by: identifying, by the one or more hardware processors, a set of users that shares one or more organizational attributes with the requesting user within an organization; comparing, by the one or more hardware processors, a first data access pattern associated with the requesting user against data access patterns associated with the set of users; identifying, by the one or more hardware processors from the set of users, a subset of users based on the comparing, wherein the subset of users is associated with a subset of the data access patterns that matches the first data access pattern within a threshold; obtaining, by the one or more hardware processors, a data access history associated with the subset of users, wherein the data access history comprises data accesses of different data by the subset of users; and calculating, by the one or more hardware processors, the likelihood of the requesting user accessing the set of data based on the data accesses by the subset of users; and determining whether to grant the requesting user access to the set of data based on the calculated likelihood.
9. The method of claim 8, wherein the requesting user is an employee of the organization.
10. The method of claim 8, wherein the identifying the set of users that shares one or more organizational attributes with the requesting user is based on an organization chart of the organization.
11. The method of claim 8, wherein the set of users comprises a predefined number of users.
12. The method of claim 8, wherein the set of users is identified further based on at least one of a manager associated with the requesting user, a title associated with the requesting user, or a department associated with the requesting user.
13. The method of claim 8, wherein the likelihood is calculated using collaborative filtering.
14. The method of claim 8, wherein the set of data comprises at least one of personal identifiable information of customers of the organization or unique identifiers of financial instruments.
15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: receiving, from a requesting user, a query for accessing a set of data; determining that the requesting user has no history of accessing the set of data; in response to the determining that the requesting user has no history of accessing the set of data, determining a likelihood of the requesting user requesting access to the set of data by: determining a set of users that shares one or more common organizational attributes with the requesting user within an organization; comparing a first data access pattern associated with the requesting user against data access patterns associated with the set of users; identifying, from the set of users, a subset of users based on the comparing, wherein the subset of users is associated with a subset of the data access patterns that matches the first data access pattern within a threshold; obtaining a data access history associated with the subset of users, wherein the data access history comprises data accesses of different data by the subset of users; and calculating a likelihood of the requesting user accessing the set of data based on the data accesses by the subset of users; and determining whether to restrict the user from accessing the set of data based on the calculated likelihood.
16. The non-transitory machine-readable medium of claim 15, wherein the set of data comprises at least one of personal identifiable information of customers of the organization or unique identifiers of financial instruments.
17. The non-transitory machine-readable medium of claim 15, wherein the determining the set of users that shares the one or more common organizational attributes with the requesting user is based on an organization chart of the organization.
18. The non-transitory machine-readable medium of claim 17, wherein the determining the set of users that shares the one or more common organizational attributes with the requesting user is further based on a common project to which the set of users and the requesting user are as
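As an added illustration (not the patent's own code), the claimed steps of claims 1 and 8 implemented over constructed sample users: peers are chosen by shared department or manager, access patterns are compared with a Jaccard similarity against a threshold, and the likelihood is the fraction of matching peers who already access the requested table. The Jaccard measure and the peer-fraction likelihood are assumptions standing in for the unspecified collaborative-filtering method; the user names and tables are made up.

```python
# Added example, not from the patent: user-based collaborative filtering over
# data-access histories, following the claimed sequence of steps.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    department: str          # organizational attribute (claim 12)
    manager: str             # organizational attribute (claim 12)
    tables: set = field(default_factory=set)  # data access history


# Constructed sample organization: a finance team plus one unrelated engineer.
USERS = {
    "alice":  User("alice", "finance", "dana", {"ledger", "invoices", "pii_customers"}),
    "bob":    User("bob", "finance", "dana", {"ledger", "invoices", "pii_customers"}),
    "carol":  User("carol", "finance", "dana", {"ledger", "invoices", "pii_customers"}),
    "erin":   User("erin", "finance", "dana", {"ledger", "invoices", "payroll"}),
    "frank":  User("frank", "engineering", "gus", {"build_logs"}),
    "newbie": User("newbie", "finance", "dana", {"ledger", "invoices"}),
}


def jaccard(a, b):
    """Similarity of two access patterns (assumed measure, 0..1)."""
    return 1.0 if not a and not b else len(a & b) / len(a | b)


def peer_set(requester, users):
    """Step 1: users sharing an organizational attribute with the requester."""
    return [u for u in users.values() if u.name != requester.name and
            (u.department == requester.department or u.manager == requester.manager)]


def matching_subset(requester, peers, sim_threshold):
    """Steps 2-3: keep peers whose pattern matches the requester's within a threshold."""
    return [p for p in peers if jaccard(requester.tables, p.tables) >= sim_threshold]


def access_likelihood(requester, table, users, sim_threshold=0.5):
    """Steps 4-5: fraction of matching peers whose history contains the table."""
    subset = matching_subset(requester, peer_set(requester, users), sim_threshold)
    if not subset:           # no comparable peers: nothing supports the request
        return 0.0
    return sum(table in p.tables for p in subset) / len(subset)


def decide(requester_name, table, users=USERS, sim_threshold=0.5, allow_threshold=0.5):
    """Restrict the query unless the likelihood reaches the threshold (claim 7)."""
    requester = users[requester_name]
    if table in requester.tables:   # existing history: the anomaly check does not apply
        return "allow", 1.0
    p = access_likelihood(requester, table, users, sim_threshold)
    return ("allow" if p >= allow_threshold else "restrict"), p
```

A requester with no comparable peers (frank asking for a finance table) gets likelihood 0.0 and is restricted, which is the conservative default a deployment should keep rather than allow-by-default.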
CPC classification titles:

- involving event detection and direct action
- where protection concerns the structure of data, e.g. records, types, queries
- Filtering based on additional data, e.g. user or group profiles
- for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis (forecasting specially adapted for a specific administrative, business or logistic context G06Q10/04)
- Protecting personal data, e.g. for financial or medical purposes