Least Privilege

Security+ 🏆 • Authentication & Authorization 🔐 • Governance (GRC) 📜 • Difficulty: free

Definition

Least privilege is the principle of giving users, devices, and applications only the access they need to do their job and nothing more. It reduces the damage that can occur from mistakes, compromised accounts, or malicious insiders by limiting what any one identity can do.

Examples

A new employee is given access only to the tools required for their role, not the entire shared drive.
An application account can read from one database table but cannot change user permissions or access unrelated systems.

Discover 🔎

Most major incidents become serious because an attacker gains too much access. Sometimes this happens because a user has broad permissions, sometimes because an admin account is reused, and sometimes because service accounts are far more powerful than they need to be. Least privilege is a simple idea that directly reduces this risk. If an account is compromised, the attacker inherits only limited power.

Remember: Least privilege is about limiting impact. It does not stop every compromise, but it makes compromise much less damaging.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.