Principle of Least Privilege (POLP)

Updated Sept 29, 2020 · 8 min read

What is the principle of least privilege (POLP)?

The principle of least privilege (POLP) refers to the information security principle that a user account or process should only be able to access the resources necessary for its intended purpose. For example, a user who needs to sign off on expense reports shouldn't be able to modify the expense reports.

Benefits of the principle

The principle of least privilege is an important design consideration when protecting data from user error and malicious behavior. Every user with access to an application presents a potential security risk to an organization.

As an example, a hacker steals the identity of a user. By adhering to the principle, your organization hackers only gain access to the minimal privileges assigned to an employee. Organizations that don't adhere to the principle risk potentially exposing protected data, such as personally identifiable information (PII).

Privilege creep

Privilege creep is when users gradually accumulate access rights beyond what they need to do their job. System adminsitrators should continuously monitor user accounts to prevent privilege creep.

Superuser accounts

Adminsitrators of a system may use a superuser account, which provides them with unlimited privileges. The privileges for a superuser account can include full read and write privileges, such as modifying account settings, installing software, and deleting data.

As a best practice, access to the superuser account should only be given to administrators who absolutely need the elevated permissions to complete their job.


Related Terms

Security
Authentication

Authentication is the process of verifying the identity of a user. A common form of authentication is username password authentication...

Security
Authorization

Authorization refers to the policies that dictate what users can access when they use a system or application. Authorization is used as a ...