Quiz Entry - updated: 2026.06.25
What is the Least Privilege principle (also called "need-to-know")?
Grant every user, process, or service only the permissions strictly required to do its job — and revoke them as soon as they're no longer needed.
The principle has two halves that are equally important:
- Granting: start at zero and add only the access actually needed. Don't give a service "admin on the whole DB" when it only needs SELECT on three tables.
- Revoking: when a person changes roles, leaves the company, or a service no longer needs a permission, take it away. "Privilege creep" — people accumulating access over years — is one of the most common findings in audits.
Why it matters: least privilege limits the blast radius when something goes wrong. If a service is compromised and only had read access to one table, that's the worst that can happen. If it had root, the whole DB is gone.
Examples in practice:
- IAM roles with minimum policies (AWS, GCP, Azure).
- Database accounts with per-application credentials, not "the app uses root".
- Containers running as non-root.
- Linux
sudorules limited to specific commands.
Tip: Pair least privilege with regular access reviews — once-a-quarter audits where managers actually look at who has what. Without the review, granted permissions never get revoked.