Principle of Least Privilege
Definition
The principle of least privilege (PoLP) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program) must be able to access only the information and resources that are necessary for its legitimate purpose.
Why It Matters
Least privilege is a fundamental security principle that minimizes the "blast radius" of a security breach. If a user account or system is compromised, the attacker will only have access to the limited set of resources that the compromised account was authorized for.
Contextual Example
A marketing employee's user account should only have access to marketing files and applications. It should not have access to the finance department's servers or the source code repository. This limits the damage that could be done if their account is compromised.
Common Misunderstandings
- Implementing least privilege can be complex, as it requires a detailed understanding of what permissions are truly necessary for each role.
- It is a core concept in modern security models like Zero Trust.
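The contextual example (a marketing account that can reach marketing resources but not finance or source code) and the point about needing to know which permissions a role truly requires can both be shown in working code. The following is an added example, not code from the original page: a deny-by-default role-based check in which only explicitly granted (resource, action) pairs are allowed, plus a small right-sizing audit that compares what a role was granted against what its members actually used over a review window. The users, roles, resource names and log entries are constructed sample data.

```python
"""Deny-by-default RBAC check plus a permission right-sizing audit.

Added example illustrating least privilege; not code from the original page.
All users, roles, resources and log entries below are constructed sample data.
"""
from typing import Dict, List, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Role -> explicitly granted (resource, action) pairs. Anything not listed is
# denied: there is no wildcard and no implicit inheritance between roles.
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "marketing": {
        ("marketing/campaigns", "read"),
        ("marketing/campaigns", "write"),
        ("marketing/assets", "read"),
        ("marketing/assets", "write"),   # granted but, per the log below, never used
    },
    "finance": {
        ("finance/ledger", "read"),
        ("finance/ledger", "write"),
    },
    "developer": {
        ("source/repo", "read"),
        ("source/repo", "write"),
    },
}

# User -> roles (constructed sample directory).
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"marketing"},
    "bob": {"finance"},
    "carol": {"developer"},
}


def is_allowed(user: str, resource: str, action: str) -> bool:
    """Return True only if some role of `user` explicitly grants (resource, action).

    Unknown users and unknown roles hold no permissions, so the default is deny.
    """
    for role in USER_ROLES.get(user, set()):
        if (resource, action) in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


def unused_permissions(role: str, access_log: List[Tuple[str, str, str]]) -> Set[Permission]:
    """Permissions granted to `role` that no member of the role exercised in the log.

    `access_log` holds (user, resource, action) entries for successful accesses.
    The result is the candidate set to remove when right-sizing the role, which is
    the "what is truly necessary" question the text raises, answered from evidence.
    """
    members = {u for u, roles in USER_ROLES.items() if role in roles}
    used = {(res, act) for u, res, act in access_log if u in members}
    return ROLE_PERMISSIONS.get(role, set()) - used


# Constructed access log: what the sample users actually did over a review window.
SAMPLE_LOG: List[Tuple[str, str, str]] = [
    ("alice", "marketing/campaigns", "read"),
    ("alice", "marketing/campaigns", "write"),
    ("alice", "marketing/assets", "read"),
    ("bob", "finance/ledger", "write"),
]

if __name__ == "__main__":
    print(is_allowed("alice", "marketing/campaigns", "write"))  # True: explicitly granted
    print(is_allowed("alice", "finance/ledger", "read"))        # False: not granted to marketing
    print(is_allowed("alice", "source/repo", "read"))           # False: not granted to marketing
    print(is_allowed("mallory", "marketing/assets", "read"))    # False: unknown user, deny by default
    print(unused_permissions("marketing", SAMPLE_LOG))          # {('marketing/assets', 'write')}
```

The check and the audit are two halves of the same discipline: `is_allowed` enforces the grant set, and `unused_permissions` is the periodic review that shrinks it. Running the audit against real access logs (rather than the constructed `SAMPLE_LOG`) is what turns a one-time role design into an ongoing least-privilege practice.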