LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the Principle of Least Privilege and how do you apply it in practice?

Grant each component only the minimum permissions it needs — so a compromise can't reach anything beyond that minimum.

A least-privilege hub radiating to five concrete applications across DB, filesystem, tokens, IAM and roles.

* One principle, five concrete least-privilege applications — DB grants, file scope, read-only tokens, narrow IAM, job-based roles. *

Grant only the minimum permissions required for a function — nothing more.

Practical examples:

Context Least Privilege Application
Database Web app user can only SELECT/INSERT/UPDATE on specific tables, not DROP
File system App can only read/write its own directories, not /etc
API tokens Scoped to specific operations (read-only vs admin)
Cloud IAM Lambda gets permission for one S3 bucket, not s3:*
User roles Access based on job function, not "everyone is admin"

Why it matters: If a component is compromised, least privilege limits what the attacker can do. A DB user that can't DROP TABLES can't destroy your data even if SQL injection succeeds.

Go deeper:

From Quiz: SPRG / Secure Architecture & Design | Updated: Jul 14, 2026