Version: 1.0.0

Least Privilege

Least privilege is a security principle that limits access for users, programs, and processes to the bare minimum permissions they need to perform their intended function. The goal of least privilege is to reduce risk by limiting damage from errors or malicious actions.

For example, in a cloud environment you would grant an application's runtime identity only the specific permissions it needs, such as read access to certain storage buckets or databases, rather than full administrative access. For users, you might restrict a developer's access to just the repositories they work on instead of granting read/write access to all code, and give an ops engineer access only to the resources they manage, such as virtual machines or load balancers. By following least privilege, if a user account or application is compromised, the blast radius is minimized: the attacker can only do what that identity was already permitted to do. Overall, least privilege reduces the attack surface and helps enforce separation of duties in a cloud native environment.
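The following is an added example, not part of the original page, that makes the blast-radius point concrete. It places an over-privileged policy next to a scoped one for the same runtime identity and evaluates a handful of constructed requests against each. The policy documents use IAM-style JSON, but the evaluator is a deliberately simplified model (default deny, explicit Deny wins, glob matching on actions and resources); real cloud IAM adds conditions, permission boundaries and resource policies that this example does not implement. Bucket names, table names and the account ID are made up.

```python
import fnmatch

# Constructed policy 1: the "just give it admin" shortcut.
OVERPRIVILEGED = {
    "Statement": [
        {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]},
    ]
}

# Constructed policy 2: only what the application actually does, which is
# read objects from one bucket and read rows from one table.
LEAST_PRIVILEGE = {
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::app-uploads",
                "arn:aws:s3:::app-uploads/*",
            ],
        },
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query"],
            "Resource": [
                "arn:aws:dynamodb:us-east-1:123456789012:table/app-sessions",
            ],
        },
    ]
}


def _matches(patterns, value):
    # Case-sensitive glob match, so "s3:*" covers every S3 action and
    # "arn:aws:s3:::app-uploads/*" covers every object in that bucket.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Simplified policy evaluation: default deny, an explicit Deny on a
    matching statement overrides any Allow (hypothetical model, not a real
    cloud provider's evaluator)."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


# Constructed requests an attacker might issue with a stolen runtime credential.
ATTACKER_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::app-uploads/report.pdf"),          # legitimate need
    ("s3:GetObject", "arn:aws:s3:::finance-backups/ledger.db"),       # another team's data
    ("s3:DeleteBucket", "arn:aws:s3:::app-uploads"),                  # destructive action
    ("iam:CreateAccessKey", "arn:aws:iam::123456789012:user/admin"),  # privilege escalation
]


def blast_radius(policy):
    """Return the subset of attacker requests the policy would permit."""
    return [(a, r) for a, r in ATTACKER_REQUESTS if is_allowed(policy, a, r)]


if __name__ == "__main__":
    for name, policy in (("over-privileged", OVERPRIVILEGED),
                         ("least privilege", LEAST_PRIVILEGE)):
        permitted = blast_radius(policy)
        print(f"{name}: {len(permitted)} of {len(ATTACKER_REQUESTS)} requests allowed")
        for action, resource in permitted:
            print(f"  {action} on {resource}")
```

With the admin-style policy every request succeeds, including deleting the application's own bucket and minting keys for another principal. With the scoped policy the compromised identity can still read the one bucket the application legitimately needs, and nothing else; the remaining three requests are denied by default because no statement matches them.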