Least Privilege

Definition

The principle of least privilege states that every user, application, or process should have only the minimum access rights needed to perform their task.

Least privilege is a fundamental security principle that reduces the attack surface. Implementation includes role-based access control (RBAC), just-in-time access, and regular access reviews.

Least privilege is a core Zero Trust principle required by ISO 27001, NIS2, and PCI DSS.

Related terms

Zero Trust, PAM (Privileged Access Management), IAM (Identity and Access Management)