Home/Glossary/Principle of Least Privilege (PoLP)

Principle of Least Privilege (PoLP)

The practice of granting users and services the minimum access they need to perform their duties.

Security FoundationsAlso called: "least privilege", "minimal privilege"

The principle of least privilege limits blast radius. If a user account or API key is compromised, the attacker can do only what that identity was allowed to do.

Common gaps

  • Standing admin access in production environments.
  • Shared credentials stored in chat or wikis.
  • Service accounts with overly broad permissions.

Good habits

  • Use role-based access with time-bound elevation workflows.
  • Automate access reviews and revoke stale permissions.
  • Require just-in-time access for privileged tasks.

Related Tools

Related Articles

View all articles
Threat Modeling with STRIDE and DREAD: A Complete Guide to Proactive Security Architecture

Threat Modeling with STRIDE and DREAD: A Complete Guide to Proactive Security Architecture

Master threat modeling with STRIDE and DREAD frameworks to identify, classify, and prioritize security threats before they become vulnerabilities. This comprehensive guide covers data flow diagrams, mitigation mappings, MITRE ATT&CK integration, and building an enterprise threat modeling program.

Read article →
AWS S3 Complete Guide: Storage, CLI, Security & Cost Optimization

AWS S3 Complete Guide: Storage, CLI, Security & Cost Optimization

The definitive guide to AWS S3 covering core concepts, CLI commands, storage classes, security best practices, and cost optimization. Master S3 from fundamentals to production deployment.

Read article →
AWS S3 Security Best Practices: Encryption, Access Control & Compliance

AWS S3 Security Best Practices: Encryption, Access Control & Compliance

Secure your AWS S3 buckets with this comprehensive guide covering encryption options, IAM and bucket policies, Block Public Access, VPC endpoints, and compliance configurations.

Read article →
Cloud Penetration Testing: A Complete Guide for AWS, Azure, and GCP

Cloud Penetration Testing: A Complete Guide for AWS, Azure, and GCP

Cloud penetration testing requires different approaches than traditional network testing. Learn cloud provider policies, testing methodologies, and common findings across AWS, Azure, and GCP environments.

Read article →

Explore More Security Foundations

View all terms

Attack Surface

The total number of points where an unauthorized user could try to enter data into, or extract data from, an environment.

Read more →

Authentication

The process of verifying the identity of a user, device, or system before granting access to resources or services.

Read more →

Vulnerability

A weakness in a system, application, or process that could be exploited by a threat actor to gain unauthorized access or cause harm.

Read more →

Zero Trust Architecture

A security model that assumes breach, requiring continuous verification of every user, device, and workload regardless of location.

Read more →
Back to glossary