Role discovery using privilege cluster analysis

What is claimed is: 1. A computer implemented method for roles discovery using permission cluster analysis, the method comprising: accessing a hierarchy of data that corresponds to an organization chart and that comprises one or more levels of the hierarchy with root nodes corresponding to one or more employee position titles, mid-level nodes corresponding to constituent duties of the one or more employee position titles and leaf nodes corresponding to respective permissions of the constituent duties controlling computer network access; traversing the one or more levels of the hierarchy; retrieving, based on the traversing, a set of permissions; enumerating one or more permissions inherited by each employee position title based on the hierarchy of data; clustering the set of permissions into a plurality of sets of clustered permissions comprising all combinations of individual permissions, by: implementing a first database table for generating unique clusters of permissions, the first database table comprising: (i) a first column that identifies an operation to calculate permission clusters comprising of at least two permissions for a given cluster, (ii) a second column that holds results from performing the operation from the first column to calculate the permission clusters, (iii) a plurality of database table rows, each row of the plurality of the database rows corresponding to a specific permission cluster in the second column formed from an application of a respective operation in the first column to calculate the specific permission cluster, such that the unique permission clusters are identified based at least upon a resolution of duplicated permission clusters in the second column, implementing a second database table for correlating the permission clusters with jobs, the second database table comprising a plurality of rows that each correlates one of the unique permission clusters from the first table to a set of one or more jobs, the plurality of rows in the second database table being sortable by a correlation factor between a specific permission cluster and the one or more jobs; assigning one or more of the plurality of sets of clustered permissions to a respective virtual role; storing an assigned one or more sets of clustered permissions in association with the respective virtual role in one or more database tables; retrieving data from a respective database table; determining, based on the retrieving of the data, whether a specific permission is stored in the respective database table in association with one or more virtual roles; and controlling access to the computer network by performing at least one of (i) granting or (ii) denying access to a resource within the computer network to an employee associated with the one or more virtual roles. 2. The method of claim 1 , wherein a particular individual set of the plurality of sets of clustered permissions corresponds to the permissions of the constituent duties of at least two employee position titles. 3. The method of claim 1 , further comprising naming at least one of the plurality of sets of clustered permissions. 4. The method of claim 1 , further comprising ranking at least some of the plurality of sets of clustered permissions using an objective optimization function. 5. The method of claim 4 , wherein the objective optimization function comprises a minimization function or a maximization function. 6. The method of claim 1 , further comprising: naming at least one of the plurality of sets of clustered permissions, in which a particular individual set of the plurality of sets of clustered permissions corresponds to the permissions of the constituent duties of at least two employee position titles and each of the set of clustered permissions having been used within a threshold amount of time from a current time; maintaining one or more of a database describing one or more employees corresponding to the one or more employee position titles, a database describing one or more employee position titles, a database describing one or more duties of one or more employee position titles, and a database describing one or more permissions of one or more duties; modifying one or more of the database describing one or more employees corresponding to the one or more employee position titles, the database describing one or more employee position titles, the database describing one or more duties of one or more employee position titles, and the database describing one or more permissions of one or more duties, the modifying comprising creating, deleting, or altering information maintained in a database based on information received via a graphical user interface; naming at least one of the plurality of sets of clustered permissions based at least in part on a measure of similarity between one or more permissions of the at least one of the plurality of sets of clustered permissions and or more permissions corresponding to one or more existing named duties; presenting to a user, using a graphical user interface, a mapping of at least one of the plurality of sets of clustered permissions to an employee position title for assigning permissions, the graphical user interface comprising one or more options to select one or more employee position titles, one or more duties, and one or more permissions; clustering, using a clustering engine, the set of permissions into a plurality of sets of clustered permissions corresponding to different combinations of permissions formed from individual permissions that correspond to the permissions of the constituent duties of at least one employee position title, the plurality of sets of clustered permissions comprising mutually exclusive combinations of the permissions; identifying one or more of the plurality of sets of clustered permissions that do not correspond to a duty of the one or more employee position titles; removing the identified one or more of the plurality of sets of clustered permissions that do not correspond to a duty of the one or more employee position titles from the one or more of the plurality of sets of clustered permissions; generating the organization chart based one or more of the database describing one or more employee position titles, the database describing one or more duties of one or more employee position titles, and the database describing one or more permissions of one or more duties, the organization chart comprising a computer-readable hierarchical organization chart; generating a record of duties of one or more employee position titles, the generating comprising: analyzing one or more duties of one or more employee position titles, generating the record of duties based at least in part on the analysis, and storing the record of duties in association with the one or more employee position titles; ranking at least some of the plurality of sets of clustered permissions based at least in part on one or more calculations performed on each of the sets of clustered permissions, the one or more calculations performed on one or more of a number of permissions included in a set of clustered permissions, a number of employee position titles corresponding to permissions included in a set of clustered permissions, and a number of employee position titles for which every permission included in a set of clustered permissions is assigned to an employee position title; ranking at least some of the plurality of sets of clustered permissions using an objective optimization function, in which the objective optimization function comprises a minimization function or a maximization function that minimizes or maximizes at least one of a number of virtual roles to which one or more of the plurality of sets of clustered permissions are assigned, a number of clusters of permi