Least Privilege
Least privilege as a control system: access, approvals, and audit evidence.
Published:
Admin User
Least privilege reduces risk by granting only the access needed for a task.
In enterprise systems it must be paired with approvals and audit evidence.
See also
Access & Identity (Playbook)
Audit Readiness
Secrets Management
FAQ
What is least privilege?
Grant only the access needed to perform a task, for only as long as needed.
How do approvals fit in?
High-risk access should require explicit approvals and be logged for audit.
What’s a common anti-pattern?
Shared accounts or permanently elevated privileges without review.
How do we measure progress?
Track privileged access events, reviews completed, and reduction in standing privileges.
What’s the first improvement?
Inventory privileged roles and remove unused access; introduce time-bound elevation.
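The inventory step and the progress metric from the FAQ, as an added example that is not part of the original page: it audits a list of privileged grants for the anti-patterns named above and counts standing privileges. The record fields, the sample grants and the 90-day and 180-day thresholds are assumptions made for illustration.

```python
from datetime import date

TODAY = date(2024, 6, 1)  # fixed date so the constructed sample is reproducible

# Constructed sample inventory (not real data); field names are hypothetical.
GRANTS = [
    {"principal": "alice", "role": "db-admin", "shared": False, "expires": None,
     "approved_by": "carol", "last_used": date(2024, 5, 28), "last_review": date(2024, 4, 1)},
    {"principal": "ops-shared", "role": "prod-root", "shared": True, "expires": None,
     "approved_by": None, "last_used": date(2024, 5, 30), "last_review": None},
    {"principal": "bob", "role": "billing-admin", "shared": False, "expires": None,
     "approved_by": "dave", "last_used": date(2023, 11, 2), "last_review": date(2024, 3, 15)},
    {"principal": "erin", "role": "prod-root", "shared": False, "expires": date(2024, 6, 2),
     "approved_by": "carol", "last_used": date(2024, 6, 1), "last_review": None},
]

def age_days(when, today):
    """Days since `when`; a missing date counts as infinitely old."""
    return float("inf") if when is None else (today - when).days

def audit(grants, today, unused_days=90, review_days=180):
    """Return (principal, role, issues) for every grant with at least one issue."""
    findings = []
    for g in grants:
        issues = []
        if g["shared"]:
            issues.append("shared-account")
        # Standing (no expiry) is tolerated only with a recent review.
        if g["expires"] is None and age_days(g["last_review"], today) > review_days:
            issues.append("standing-without-review")
        if g["approved_by"] is None:
            issues.append("no-approval")
        if age_days(g["last_used"], today) > unused_days:
            issues.append("unused")
        if issues:
            findings.append((g["principal"], g["role"], issues))
    return findings

def standing_count(grants):
    """Progress metric: number of grants with no expiry (standing privileges)."""
    return sum(1 for g in grants if g["expires"] is None)

if __name__ == "__main__":
    for principal, role, issues in audit(GRANTS, TODAY):
        print(f"{principal:12} {role:14} {', '.join(issues)}")
    print("standing privileges:", standing_count(GRANTS))
```

Running the audit on a schedule and recording `standing_count` over time gives the "reduction in standing privileges" trend, and the findings list doubles as input for the next access review.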