Principle of Least Privilege (EN)

Principle of Least Privilege

The principle of least privilege is a fundamental security principle stating that users and systems should only receive the minimal necessary rights to perform their tasks. By restricting access rights to the absolute essentials, potential damage from a security incident is minimized, as attackers have limited opportunities to spread within the system. This principle should be consistently applied in application development, operating system configuration, and user account management. Its implementation significantly contributes to increasing the overall security of IT systems.

Implementation

flowchart TD     A[User] -->|Request| B[Application]     B -->|Check| C[Rights Management]     C -->|Allowed| D[Resource]     C -->|Denied| E[Rejection Message]     D -->|Data| F[Database]     F -->|Response| A 

In Context

• Typically used together with Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC)
• Related to: Zero Trust Architecture, Defense in Depth
• Example use case: A database user is granted read access only to specific tables, not the entire database