Why Trust Techopedia

What Does Privilege Mean?

Privilege, in the context of computer security, is the concept of only allowing users to do certain things. For example, an ordinary user is typically prevented from changing operating system files, while a system administrator is typically permitted to do so, because this is part of maintaining a computer system. Maintaining user privilege is typically accomplished through the use of administrative accounts, file permissions and Access Control Lists (ACLs).


Techopedia Explains Privilege

Privilege, in computer security, means delegating authority for making changes to a computer system. On many systems, there's a separation between "normal" users without any authority to make changes to the system and "administrative" users with full access to the system.

Modern operating systems include tools for maintaining privilege. File permissions define who is allowed to view and modify certain files and privilege escalation allows ordinary users to become administrative users when they supply a password.

Access Control Lists (ACLs) allow for even finer-grained control, customizing privileges for individual users.

On modern Windows systems ever since Vista, the User Account Control prompts users for an privilege escalation when they try to make certain changes, such as installing new programs. On Linux and other Unix systems, the sudo command typically performs these functions, though the su command to temporarily become root or superuser to perform administrative tasks is also common.

The principle of least privilege states that people should have the least amount of privilege necessary to do their jobs. For example, a database administrator could have the ability to modify a database under his or her control, with access to other databases restricted. Least privilege also applies to privilege escalation. Even administrative users typically run as ordinary users until they need to perform maintenance tasks, then UAC or sudo bumps up their privilege temporarily.

These measures are intended to limit the damage that hackers, malware or user errors can do to the integrity of the system.


Related Terms

Margaret Rouse

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…