The Principle of Least Privilege

The principle of least privilege applies to the authorization leg of the AAA (authentication, authorization, accounting) identity and access management model.

Authorization is the process that grants a user approval to take certain actions in the designated systems, whether that is to view, modify, share, or delete data. Authentication establishes who the user is; authorization is concerned with what the user is allowed to do.

Authorization can only be as fine-grained as the system that makes the access approval decisions and enforces them. If a system only knows "administrator" and "user", no policy document can grant anything in between.

The access approval process is designed to grant access based on the user's role and job duties. This is the principle of least privilege: users, devices, programs, and processes that are interconnected, or that must access each other to communicate and act, should be granted just enough permission to perform their required functions and no more.

Both the risk of excessive, unnecessary access and the risk of insufficient access to complete a task should be considered. Access rights beyond someone's normal job functions create opportunities for errors, accidents, and exploitation that can affect the confidentiality, integrity, and availability of data and systems. Insufficient access, or access that is not provisioned in a timely manner, can also negatively affect business operations, and in practice it pushes people toward workarounds such as shared accounts.

A more severe case is when a user is granted administrator or root access to a system without any justification. Highly privileged access should be limited to a few people in an organization, because if such an account is compromised by malware or its credentials are stolen, the intruder can inflict far greater damage than with a more limited set of privileges.

When someone's access goes beyond what that person needs to perform their job duties, that access violates the principle of least privilege.

Access rights may legitimately be escalated for some people to accomplish certain tasks, for example when covering for a colleague who holds higher privileges. However, the escalated access should be selective (only the specific permissions needed) and temporary (expiring automatically rather than waiting for someone to remember to revoke it).