What is the principle of least privilege?
D1 · General · CompTIA Security+ SY0-701
The principle of least privilege (PoLP) states that every user, process, and system should have only the minimum access rights necessary to perform its function, nothing more.
Related concepts: need-to-know (information access), separation of duties (no single person controls a critical process), job rotation (detects fraud, prevents over-reliance).
Least privilege reduces the blast radius of a breach. If an attacker compromises a low-privilege account, they can't access everything. Always pair with regular access reviews (account audits) to remove stale permissions.