Identity & Access
Principle of Least Privilege
Also known as: Least privilege, Need-to-know basis
Definition
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.
Examples
- A microservice using a database role that can only read the rows it needs, not the whole schema.
- A developer requesting time-bound admin rights via JIT access instead of holding them permanently.
Related terms
Just-in-Time Access
An access model that grants elevated or sensitive permissions only for a limited time and a specific task, then revokes them automatically.
Privileged Access Management (PAM)
A set of practices and tools that secure, control, monitor, and audit access to accounts and systems with elevated administrative privileges.
Role-Based Access Control (RBAC)
An authorization model that grants permissions to roles rather than directly to users, so users inherit access by virtue of their role assignments.
Attribute-Based Access Control (ABAC)
An authorization model that evaluates policies over attributes of the subject, resource, action, and environment to decide whether to allow an access request.
Zero Trust Network
Zero Trust Network — definition coming soon.
Authorization
The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.