Technologies are shown for detection of identity misconfiguration that involve collecting identity/role binding and role/access rules data from multiple clusters supported by a computing resource system. Access rules for identities are extracted from the collected data and an access rule prediction model created to predict access rules for identities. An identity definition request for a tenant is received having a requested identity and a role assigned to the identity. A set of access rules is obtained for the role assigned to the identity and a predicted set of access rules is obtained for the requested identity from the prediction model. The access rules for the requested role are compared to the predicted set of access rules and a misconfiguration alert generated when there is a difference between the set of access rules for the requested role and the predicted set of access rules for the requested identity.