Controlling access to electronic data assets

What is claimed is: 1. A computer-implemented method for granting purpose-based access to electronic data assets, the computer-implemented method comprising, by one or more hardware processors executing program instructions: receiving, from a first user, a request to access data assets associated with a purpose object; in response to receiving the request from the first user: generating a purpose access request object including at least an identification of the first user and an identification of the purpose object; and providing an indication of the purpose access request object to a second user associated with the purpose object; receiving, from the second user, an approval of the request; in response to receiving the approval of the request from the second user: updating the purpose access request object to include at least an indication of the approval of the request; and granting the first user access to data assets associated with the purpose object; receiving, from the second user, a second request to associate a data asset with the purpose object; in response to receiving the second request from the second user: generating a data access request object including at least an identification of the purpose object and an identification of a data asset object associated with the data asset; and providing an indication of the data access request object to a third user associated with the data asset object; receiving, from the third user, an approval of the second request; and in response to receiving the approval of the second request from the third user: updating the data access request object to include at least an indication of the approval of the second request; and associating the data asset object with the purpose object. 2. The computer-implemented method of claim 1 , wherein the data asset is a derived data asset comprising a combination of at least two data assets, and wherein the computer-implemented further comprises, by the one or more hardware processors executing program instructions: further in response to receiving the second request from the second user: providing an indication of the data access request object to a fourth user associated with the derived data asset object and/or the second user, wherein the fourth user is also associated with another data asset object associated with at least one of the two data assets; receiving, from the fourth user and/or the second user, an approval of the second request; and in response to receiving the approval of the second request from both (1) the third user and (2) the second user and/or the fourth user: updating the data access request object to include at least an indication of the approval of the second request; and associating the derived data asset object with the purpose object. 3. The computer-implemented method of claim 1 , wherein the data asset object is automatically filtered when associated with the purpose object. 4. The computer-implemented method of claim 1 further comprising, by the one or more hardware processors executing program instructions: granting the first user access to the data asset as a result of the data asset object being associated with the purpose object. 5. The computer-implemented method of claim 1 further comprising, by the one or more hardware processors executing program instructions: receiving an input from the second user requesting to view a graph view of objects associated with the first user; and in response to receiving the input: generating a graph view of objects associated with the first user, the graph view including graphical nodes indicative of objects and graphical connectors indicative of links between the objects, wherein the objects associated with the first user include: a user object associated with the first user, any purpose access request objects associated with the user object, any purpose objects associated with any of the purpose access request objects, any data access request objects associated with any of the purpose objects, and any data asset objects associated with any of the data access request objects. 6. The computer-implemented method of claim 5 , wherein: the purpose access request object is linked to the user object, the purpose object is linked to the purpose access request object, the data access request object is linked to the purpose object, and the data asset object is linked to the data access request object. 7. The computer-implemented method of claim 1 , wherein: the purpose access request object is linked to a user object associated with the first user, the purpose object is linked to the purpose access request object, the data access request object is linked to the purpose object, and the data asset object is linked to the data access request object. 8. The computer-implemented method of claim 7 , wherein the data asset is associated with the purpose object by way of the purpose object being linked to the data access request object, and the data access request object being linked to the data asset object. 9. The computer-implemented method of claim 7 , wherein the first user is associated with the purpose object by way of the purpose object being linked to the purpose access request object, and the purpose access request object being linked to the user object. 10. The computer-implemented method of claim 1 , wherein the second user is required to provide a justification with the second request, and wherein the justification is included in the data access request object. 11. The computer-implemented method of claim 1 , wherein the first user is required to provide a justification with the request, and wherein the justification is included in the purpose access request object. 12. The computer-implemented method of claim 11 further comprising, by the one or more hardware processors executing program instructions: generating a report based at least in part on the purpose access request object and the justification provided by the first user. 13. The computer-implemented method of claim 11 , wherein the purpose access request object is further associated with an access type provided by the first user, and wherein the access type affects permissions of the first user with respect to the data assets associated with the purpose object. 14. The computer-implemented method of claim 1 further comprising, by the one or more hardware processors executing program instructions: storing an ontology defining a plurality of object types and associated properties, and further defining relationships among the object types; wherein the objects types include at least: a user object type, a purpose access request object type, a purpose object type, a data access request object type, and a data asset object type; and wherein the user object type is not related to the data asset object type. 15. The computer-implemented method of claim 1 further comprising, by the one or more hardware processors executing program instructions: receiving, via a graphical user interface, specification of one or more alert conditions and one or more alert actions; applying the one or more alert conditions to the purpose access request object; and in response to at least one of the one or more alert conditions being satisfied, taking the one or more alert actions, including at least generating an alert, wherein the alert is reviewable along with related information by a user. 16. The computer-implemented method of claim 1 further comprising, by the one or more hardware processors executing program instructions: providing, via a