The principle of least privilege restricts users or processes from being granted access rights in excess of those specifically required for the performance of their defined tasks.
Key to the principle of least privilege is the acknowledgment that rights should be dictated by function instead of identity. And once a task necessitating elevated rights is completed those rights should be immediately revoked. In a way, least privilege is the cybersecurity version of “need to know” – a user who doesn’t need rights should not have rights.
By reducing excessive permissions, the organization decreases the total number of privileged operations and hence the risk of errors.
View the Cybersecurity Dictionary for top terms searched by your peers.