Least Privilege


The principle of least privilege restricts users or processes from being granted access rights in excess of those specifically required for the performance of their defined tasks.

Key to the principle of least privilege is the acknowledgment that rights should be dictated by function instead of identity. Once a task necessitating elevated rights is completed, those rights should be revoked immediately. In a way, least privilege is the cybersecurity version of “need to know” – a user who doesn’t need rights should not have rights.

By reducing excessive permissions, the organization decreases the total number of privileged operations and hence the risk of errors.
