Patent attributes
An illustrative method includes accessing data representative of a first role associated with a set of permissions with respect to resources within the compute environment and specifying a group of identities assigned to the first role, determining that a first subgroup of one or more identities included the group of identities only uses a first subset of permissions included in the set of permissions to access the resources within the compute environment without using a second subset of permissions, and performing, based on the determining that the first subgroup of one or more identities only uses the first subset of permissions, an operation to reduce permissions usable by the one or more identities.