Definition - What does Privilege mean?
Privilege, in the context of computer security, is the concept of allowing users to do only certain things. For example, an ordinary user is typically prevented from changing operating system files, while a system administrator is typically permitted to do so, because this is part of maintaining a computer system. Maintaining user privilege is typically accomplished through the use of administrative accounts, file permissions and Access Control Lists (ACLs).
Techopedia explains Privilege
Privilege, in computer security, means delegating authority for making changes to a computer system. On many systems, there's a separation between "normal" users without any authority to make changes to the system and "administrative" users with full access to the system.
Modern operating systems include tools for maintaining privilege. File permissions define who is allowed to view and modify certain files, and privilege escalation allows ordinary users to become administrative users when they supply a password.
Access Control Lists (ACLs) allow for even finer-grained control, customizing privileges for individual users.
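The following is an added example, not part of the original article: a Python sketch of how classic Unix file permission bits decide who may read or modify a file, plus a small audit that lists users who can write to files they do not own. The file paths, modes, user names and IDs are constructed sample data, and ACLs and Linux capabilities are deliberately not modeled.

```python
READ, WRITE = 4, 2  # permission bits inside one rwx class

def allowed(mode, file_uid, file_gid, uid, gids, want):
    """Classic Unix check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True  # superuser bypasses read/write mode-bit checks
    if uid == file_uid:
        bits = (mode >> 6) & 7      # owner class
    elif file_gid in gids:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # everyone else
    return bits & want == want

def audit(files, users):
    """Return sorted (path, user) pairs where a non-owner, non-root user can write."""
    findings = []
    for path, (mode, fuid, fgid) in files.items():
        for name, (uid, gids) in users.items():
            if uid in (0, fuid):
                continue  # root and the owner are expected to have write access
            if allowed(mode, fuid, fgid, uid, gids, WRITE):
                findings.append((path, name))
    return sorted(findings)

# Constructed sample data: path -> (mode, owner uid, owner gid)
FILES = {
    "/etc/passwd": (0o644, 0, 0),
    "/etc/shadow": (0o640, 0, 42),
    "/srv/app/config.ini": (0o666, 1001, 1001),  # world-writable
    "/srv/db/data.db": (0o660, 1002, 2000),      # group-writable
}
# Constructed sample data: user -> (uid, set of group ids)
USERS = {
    "root": (0, {0}),
    "alice": (1000, {1000}),
    "dba": (1002, {1002, 2000}),
    "backup": (1003, {1003, 2000}),
}

if __name__ == "__main__":
    for path, user in audit(FILES, USERS):
        print(f"{user} can modify {path} without being its owner")
```

Each finding is a candidate for tightening under least privilege: either the mode is broader than needed or the user belongs to a group it does not need.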
On Windows systems since Vista, User Account Control (UAC) prompts users for privilege escalation when they try to make certain changes, such as installing new programs. On Linux and other Unix systems, the sudo command typically performs this function, though using the su command to temporarily become root (the superuser) for administrative tasks is also common.
The principle of least privilege states that people should have the least amount of privilege necessary to do their jobs. For example, a database administrator could have the ability to modify a database under his or her control, with access to other databases restricted. Least privilege also applies to privilege escalation. Even administrative users typically run as ordinary users until they need to perform maintenance tasks, at which point UAC or sudo raises their privilege temporarily.
These measures are intended to limit the damage that hackers, malware or user errors can do to the integrity of the system.