Least Privilege

Authentication & Authorization 🔐 • Governance (GRC) 📜 • Security+ 01 • Difficulty: free

What is Least Privilege?

Least privilege is the security principle of giving a user, process, device, or application only the minimum access needed to perform its intended task and nothing more.

Examples

A help desk worker can reset passwords but cannot modify payroll data or domain-wide security settings.
An application account is granted permission to read one database table instead of full administrative control of the database server.

Discover 🔎

Access that feels convenient today often becomes a security problem tomorrow. When people, applications, or services are given more permission than they truly need, the extra access becomes exposed attack surface. If one account is compromised, the attacker inherits everything that account can reach.

Least privilege exists to reduce that problem. It asks a disciplined question before access is granted: what is the smallest amount of authority needed for this task to be done properly? The answer is often much narrower than organizations first assume.

Remember: Least privilege is not about making work impossible. It is about removing unnecessary access that creates avoidable risk.

Summary 📝

Least privilege is the principle of limiting access to the smallest amount truly needed for legitimate work. Its value lies in reducing unnecessary exposure, shrinking the impact of compromise, and making access decisions more deliberate and defensible. In well-managed environments, it supports both stronger security and clearer governance.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.