D1 · General

What is the principle of least privilege?

The principle of least privilege grants only the minimum access rights necessary to perform legitimate functions — reducing blast radius if credentials are compromised.
Least privilege applies to: user accounts, service accounts, applications, network access, file permissions. Most violations accumulate over time (access granted, never removed). Regular access reviews enforce it. "Access creep" is the enemy of least privilege.