Glossary · Security testing

What is Least Privilege?

Also known as: Principle of least privilege, PoLP, Least privilege access

Least privilege is the security principle of granting every user, account, and process only the access it genuinely needs to perform its function, and no more. By minimizing standing permissions, it shrinks the attack surface and limits the damage that any single compromised account can cause.

Key takeaways

  • Least privilege grants only the access required, nothing extra.
  • It shrinks the attack surface and limits blast radius after a compromise.
  • It applies to people, service accounts, and automated processes alike.
  • It is enforced and maintained through regular access reviews.

What does least privilege actually mean?

Least privilege says that any identity should hold the minimum permissions necessary to do its job and nothing beyond that. A help-desk account does not need database administrator rights; a reporting service does not need write access to production. The principle applies equally to human users, service accounts, and automated workloads.

The opposite of least privilege is privilege creep, where accounts accumulate permissions over time through role changes, temporary grants that are never revoked, and broad default access. Over months and years, this leaves organizations with far more standing access than anyone can justify, much of it forgotten.

Why does least privilege matter so much?

Excess permissions are fuel for attackers. When a credential is stolen, the damage is bounded by what that credential can do. Tightly scoped access means a compromised account unlocks little, while over-privileged accounts hand an attacker the keys to escalate and pivot. Least privilege is therefore one of the most effective brakes on lateral movement and privilege escalation.

Least privilege is also a foundational pillar of zero trust. You cannot verify and minimize access on every request if accounts carry sweeping standing permissions, so the two principles reinforce each other directly.

How is least privilege enforced over time?

  • Define roles and grant permissions based on job function rather than convenience.
  • Use just-in-time and time-bound access for elevated privileges.
  • Conduct regular access reviews to revoke unused or excessive rights.
  • Remove access promptly when people change roles or leave.
  • Monitor for and remediate privilege creep and orphaned accounts.

Least privilege is not a one-time configuration; it decays without maintenance. Periodic access reviews are the control that keeps it honest, and they double as audit evidence for many compliance frameworks.

Frequently asked questions

How is least privilege different from zero trust?
Least privilege is a specific principle about minimizing permissions. Zero trust is a broader architecture that removes implicit trust from the network. Least privilege is one of the core pillars that makes zero trust work.
What is privilege creep and why is it a problem?
Privilege creep is the gradual accumulation of unnecessary permissions as accounts change roles or receive temporary access that is never revoked. It quietly expands the attack surface and gives compromised accounts far more reach than intended.
How do access reviews support least privilege?
Access reviews periodically re-examine who has access to what and remove rights that are no longer justified. They counter privilege creep, keep permissions aligned with current roles, and provide evidence for compliance audits.

Authoritative sources

← Back to the glossary