Quality assurance checks of access rights in a computing system

US9542433B2 · US · B2

Patent metadata
Field | Value
Publication number | US-9542433-B2
Application number | US-201414267564-A
Country | US
Kind code | B2
Filing date | May 1, 2014
Priority date | Dec 20, 2012
Publication date | Jan 10, 2017
Grant date | Jan 10, 2017

Abstract

Official abstract text for this publication.

Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the users having access to the computing system and the computing resources of the computing system. At least a portion of the access right information may be retrieved, and quality assurance tasks may be performed using the portion of the access right information retrieved.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for ensuring the quality of identity and access management information at a computing system comprising: at least one processor; and a data store storing i) access right information for access rights provisioned to users of computing resources of the computing system, the access right information being stored in accordance with a data model that defines relationships between the access rights, the computing resources, and the users, and storing ii) role information for a plurality of roles assignable to the users, the role information indicating, for each role of the plurality of roles, a set of access rights associated with the role; and memory storing instructions that, when executed by the at least one processor, cause the system to perform a quality assurance task of a plurality of quality assurance tasks associated with the access rights; wherein the plurality of quality assurance tasks comprises a first quality assurance task associated with a first portion of the instructions that, when executed by the at least one processor, cause the system to: receive a first request to provision access rights to a user, the first request indicating a set of requested access rights, compare, for each role of the plurality of roles, the set of requested access rights to the set of access rights associated with the role, and based on whether the set of requested access rights matches the set of access rights associated with one of the roles, either (a) provision the requested access rights for the user if the set of requested access rights does not match the set of access rights associated with any of the plurality of roles, or (b) deny the request and provide an instruction to submit a new request indicating the role associated with the set of access rights that matches the set of requested access rights; and wherein the plurality of quality assurance tasks comprises a second quality assurance task associated with a second portion of the instructions that, when executed by the at least one processor, cause the system to: receive a second request to either provision an access right to or revoke the access right from the user, obtain, from the data store, a portion of the access right information indicating a set of provisioned access rights associated with the user, and based on a comparison of the access right to the set of provisioned access rights, either (a) provide the second request to an access request system for fulfillment, or (b) withhold the second request from the access request system.

2. The system of claim 1 wherein: the set of requested access rights is determined to match the set of access rights associated with one of the plurality of roles when the set of requested access rights includes all of the access rights in the set of access rights associated with the role.

3. The system of claim 1 wherein: the second request requests the access right be provisioned to the user; the second request is provided to the access request system for fulfillment if the access right to provision does not correspond to any of the provisioned access rights; and the second request is withheld from the access request system if the access right to provision corresponds to one of the provisioned access rights.

4. The system of claim 1 wherein: the second request requests the access right be revoked from the user; the second request is provided to the access request system for fulfillment if the access right to revoke corresponds to one of the provisioned access rights; and the second request is withheld from the access request system if the access right to revoke does not correspond to any of the provisioned access rights.

5. The system of claim 1 wherein: receiving the second request includes intercepting the second request submitted to the access request system before the access request system receives the second request.

6. The system of claim 1 wherein: the plurality of quality assurance tasks comprises a third quality assurance task associated with a third portion of the instructions that, when executed by the at least one processor, cause the system to: receive an access report indicating a set of utilized access rights, each utilized access right in the set of utilized access rights being determined to have been used to access one of the computing resources of the computing system, obtain, from the data store, a portion of the access right information indicating a set of provisioned access rights associated with the computing resource, each provisioned access right in the set of provisioned access rights permitting one of the users to access the computing resource, and generate a quality assurance report based on a comparison between the set of utilized access rights and the set of provisioned access rights.

7. The system of claim 6 wherein: generating the quality assurance report includes indicating in the quality assurance report, for each provisioned access right in the set of provisioned access rights, whether the provisioned access right has or has not been used to access the computing resource based on whether the provisioned access right corresponds to one of the utilized access rights in the set of utilized access rights.

8. The system of claim 1 wherein: the plurality of quality assurance tasks comprises a third quality assurance task associated with a third portion of the instructions that, when executed by the at least one processor, cause the system to: obtain a set of incomplete action items, each incomplete action item of the set of incomplete action items corresponding to an action to be performed with respect to one of the access rights, calculate, for each incomplete action item in the set of incomplete action items, a duration that the incomplete action item has remained incomplete, and indicate, in a quality assurance report for each incomplete action item in the set of incomplete action items, whether the incomplete action item is still actionable or no longer actionable based on a comparison of the duration to a duration threshold.

9. The system of claim 8 wherein: the set of incomplete action items comprises an incomplete action item corresponding to an unfulfilled request to either provision or revoke an access right from one of the users; and the duration is based on a date on which the unfulfilled request was submitted.

10. The system of claim 8 wherein: the set of incomplete action items comprises an incomplete action item corresponds to a pending review of at least a portion of the access rights; and the duration is based on a due date of the pending review.

11. A computer-implemented method of ensuring the quality of identity and access management information at a computing system comprising: storing, at a data store, i) access right information for access rights provisioned for users of computing resources of the computing system, the access right information being stored in accordance with a data model that defines relationships between the access rights, the computing resources, and the users, and storing ii) role information for a plurality of roles assignable to the users, the role information indicating, for each role of the plurality of roles, a set of access rights associated with the role; and performing a quality assurance task of a plurality of quality assurance tasks associated with the access rights; wherein the plurality of quality assurance tasks comprises a first quality assurance task comprising: receiving a request to provision access rights to a user, the request indicating a set of requested access rights, comparing, for each role of the plurality of roles, the set
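
The two request checks described in claims 1 to 4, sketched as an added illustration that is not part of the patent text or any implementation by the assignee. The role names, access-right strings and function names are constructed for the example, and skipping roles with no rights is an assumption made here.

```python
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Constructed sample data: role name -> access rights bundled in that role.
ROLES: Dict[str, FrozenSet[str]] = {
    "teller": frozenset({"ledger:read", "cash:post"}),
    "auditor": frozenset({"ledger:read", "reports:read"}),
}


def matching_role(requested: Set[str],
                  roles: Dict[str, FrozenSet[str]] = ROLES) -> Optional[str]:
    """Claim 2 match rule: a role matches when the request includes
    every access right in the role's set."""
    for name in sorted(roles):  # sorted so the result is deterministic
        rights = roles[name]
        # Assumption: a role with no rights never matches, because the
        # empty set would otherwise be a subset of every request.
        if rights and rights <= requested:
            return name
    return None


def check_provision_request(requested: Set[str],
                            roles: Dict[str, FrozenSet[str]] = ROLES
                            ) -> Tuple[str, Optional[str]]:
    """First QA task: deny an itemized request that duplicates a role and
    name the role to request instead; otherwise allow provisioning."""
    role = matching_role(requested, roles)
    if role is not None:
        return ("deny", role)
    return ("provision", None)


def check_single_request(action: str, right: str,
                         provisioned: Set[str]) -> str:
    """Second QA task (claims 3 and 4): forward a request to the access
    request system only if it would change the user's provisioned set."""
    if action == "provision":
        return "withhold" if right in provisioned else "forward"
    if action == "revoke":
        return "forward" if right in provisioned else "withhold"
    raise ValueError(f"unknown action: {action!r}")
```
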

Classifications

  • Physics · mapped topic

  • G06F16/215 · Primary

    Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors · CPC title

  • Ensuring data consistency and integrity · CPC title

  • to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9542433B2 cover?
Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the us…

Who is the assignee on this patent?
Bank Of America

What technology area does this patent fall under?
Primary CPC classification G06F17/30371. Mapped technology areas include Physics.

When was this patent published?
Publication date Jan 10, 2017 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).