What Does Privilege Mean?

Privilege, in the context of computer security, is the concept of only allowing users to do certain things. For example, an ordinary user is typically prevented from changing operating system files, while a system administrator is typically permitted to do so, because this is part of maintaining a computer system. Maintaining user privilege is typically accomplished through the use of administrative accounts, file permissions and Access Control Lists (ACLs).


Techopedia Explains Privilege

Privilege, in computer security, means delegating authority for making changes to a computer system. On many systems, there's a separation between "normal" users without any authority to make changes to the system and "administrative" users with full access to the system.

Modern operating systems include tools for maintaining privilege. File permissions define who is allowed to view and modify certain files and privilege escalation allows ordinary users to become administrative users when they supply a password.

Access Control Lists (ACLs) allow for even finer-grained control, customizing privileges for individual users.

On modern Windows systems ever since Vista, the User Account Control prompts users for an privilege escalation when they try to make certain changes, such as installing new programs. On Linux and other Unix systems, the sudo command typically performs these functions, though the su command to temporarily become root or superuser to perform administrative tasks is also common.

The principle of least privilege states that people should have the least amount of privilege necessary to do their jobs. For example, a database administrator could have the ability to modify a database under his or her control, with access to other databases restricted. Least privilege also applies to privilege escalation. Even administrative users typically run as ordinary users until they need to perform maintenance tasks, then UAC or sudo bumps up their privilege temporarily.

These measures are intended to limit the damage that hackers, malware or user errors can do to the integrity of the system.


Related Terms

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…