LOGBOOK

HELP

Quiz Entry - updated: 2026.06.25

What is the Least Privilege principle (also called "need-to-know")?

Grant every user, process, or service only the permissions strictly required to do its job — and revoke them as soon as they're no longer needed.

The principle has two halves that are equally important:

  • Granting: start at zero and add only the access actually needed. Don't give a service "admin on the whole DB" when it only needs SELECT on three tables.
  • Revoking: when a person changes roles, leaves the company, or a service no longer needs a permission, take it away. "Privilege creep" — people accumulating access over years — is one of the most common findings in audits.

Why it matters: least privilege limits the blast radius when something goes wrong. If a service is compromised and only had read access to one table, that's the worst that can happen. If it had root, the whole DB is gone.

Examples in practice:

  • IAM roles with minimum policies (AWS, GCP, Azure).
  • Database accounts with per-application credentials, not "the app uses root".
  • Containers running as non-root.
  • Linux sudo rules limited to specific commands.

Tip: Pair least privilege with regular access reviews — once-a-quarter audits where managers actually look at who has what. Without the review, granted permissions never get revoked.

From Quiz: ISF / Session Handling & Login Protocols | Updated: Jun 25, 2026