Least Privilege

From The Secure Arc Wiki

Jump to: navigation, search



A user, system or process should only be granted the minimum set of privileges they require to perform their designated job.


Securing a system is all about the mitigation of risk and the minimisation of the impact of a security breach. For example if a user, system or process is granted full administrative privileges then a compromise of that user, system or process or any of the systems it interacts with would potentially acquire those same administrative privileges.

The principle of Least Privilege minimises the impact of a compromise of the system when a breach does occur.

Further detailed information is available on Wikipedia.

Related References

Policies & Standards

The principle was first cited in a publication by Saltzer and Schroeder - The Protection of Information in Computer Systems. (1974)

"Every program and every user of the system should operate using the least set of privileges necessary to complete the job."

This was later used by the US Department of Defence in their 'Orange Book' (Trusted Computer System Evaluation Criteria, 1983)

An example of why this principle is important, can be found at the following link: eWeek - SF IT System Continues Lockout

Design Patterns


Personal tools