← Lessons

quiz vs the machine

Gold1340

Security

The Principle Of Least Privilege

Granting only the access needed limits the blast radius of any compromise.

4 min read · core · beat Gold to climb

The Principle

Least privilege means every user, service, and process gets only the permissions required to do its job, and nothing more. When an account is compromised, tight scoping limits the damage an attacker can cause.

Why It Matters

  • A broadly scoped credential turns a small breach into a full takeover.
  • Narrow permissions shrink the blast radius of mistakes and attacks.
  • Scoped access makes audits and anomaly detection clearer.

Putting It Into Practice

  • Start from deny by default and add only what is needed.
  • Prefer short lived and just in time credentials over standing access.
  • Separate roles so no single identity holds excessive power.
  • Review and revoke unused permissions on a regular schedule.

Key idea

Least privilege limits the blast radius of any compromise, so grant minimal scoped access by default and prefer short lived credentials.

Check yourself

Answer to earn rating on the learn ladder.

1. What is the main benefit of least privilege?

2. Which practice best supports least privilege?