Principle of Least Privilege

What Does Principle of Least Privilege Mean?

The principle of least privilege (POLP) is an information security term that refers to a design objective in computing that a given user should only be able to access the information and resources he or she requires for legitimate reasons. POLP states that every module of a system, such as a process, user or program should have the least authority possible to perform its job.

Advertisements

Techopedia Explains Principle of Least Privilege

POLP helps maintain computer security. The user or component starts off with no privileges and is only given those considered necessary. While this seems like common sense, in reality the practice is difficult to achieve because more security systems assign rights based on membership in groups rather than as individuals.

Steps for implementing POLP include:
Map job functions privileges
Avoid assigning privileges directly to a guest or the public
Untangle the web of user entitlements
Monitor privileges

Advertisements

Related Reading

The 7 Basic Principles of IT Security

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

All Posts by Margaret Rouse

Most Popular Term

Networking

whoami Command

What is whoami? whoami is a command-line utility program for computers. It answers the question, "Who am I logged in as?" and...

Full Explanation

Margaret RouseTechnology Expert

Advertisements

Cybersecurity

Formjacking

What is Formjacking? Formjacking is the software equivalent of credit card skimming. It is a portmanteau combining "form" with part...

Full Explanation

Marshall GunnellTechnology Writer

Cybersecurity

Threat Actor

What is a Threat Actor? A threat actor is a term given to describe an entity that can potentially attack...

Full Explanation

Tim KearyTechnology Expert

Related News

dummy_img

Bitcoin Bull Run 2024: Are You Ready For The Rally?

Mensholong Lepcha11 years

dummy_img

Featured Content

eTukTuk’s Carbon Emission-Fighting Ecosystem Will Also Benefit Developing Economies

Alan Draper11 years

dummy_img

Top 9 Cybersecurity Trends in 2024

Linda Rosencrance11 yearsTechnology Journalist

dummy_img

Featured Content

Chimpzee Enters Final Stage As Investors Hurry to Passive Income Opportunity With 50x Potential.

Alan Draper11 yearsEditor-in-Chief

dummy_img

Tech Headlines of the Week: Great Google Purge, Meta’s Legal Showdown

Neil C. Hughes11 yearsSenior Tech Writer

dummy_img

Crypto Headlines of the Week: Crypto Valuations Soar, Binance Challenges

Ruholamin Haqshanas11 yearsCryptocurrency Journalist

Popular Categories
Show All

Artificial Intelligence

Password Managers

Project Management