Skip to main content
Home/Glossary/Principle of Least Privilege (PoLP)

Principle of Least Privilege (PoLP)

The practice of granting users and services the minimum access they need to perform their duties.

Security FoundationsAlso called: "least privilege", "minimal privilege"

The principle of least privilege limits blast radius. If a user account or API key is compromised, the attacker can do only what that identity was allowed to do.

Common gaps

  • Standing admin access in production environments.
  • Shared credentials stored in chat or wikis.
  • Service accounts with overly broad permissions.

Good habits

  • Use role-based access with time-bound elevation workflows.
  • Automate access reviews and revoke stale permissions.
  • Require just-in-time access for privileged tasks.

Related Tools

Related Articles

View all articles
📄

Claude Cowork: Anthropic's Autonomous Desktop Agent (What MSPs Need to Know)

Claude Cowork is an agentic mode in the Claude Desktop app that reads, edits, and organizes files on your computer and runs multi-step tasks on its own. Here's how it works, who can use it, and the security and governance controls IT teams should put in place first.

Read article →
📄

Scheduled Claude Agents: Managed Agents and Routines for Set-and-Forget Automation

Claude can now run agents on a cron schedule that securely reach CLI tools and authenticated services. Here's how Managed Agents and Claude Code Routines differ, and how IT and ops teams can use them safely.

Read article →
📄

AI Coding CLIs in CI/CD: Headless Modes, GitHub Actions, and Safe Automation

A practical DevOps guide to running Claude Code, Codex CLI, and Gemini CLI non-interactively in pipelines — headless flags, GitHub Actions, cost ceilings, and the guardrails that keep secrets from leaking.

Read article →
📄

Claude Computer Use in 2026: What It Does, Where to Run It, and Why MSPs Should Sandbox It

Claude Computer Use lets the model see a screen and drive the cursor, keyboard, and apps to automate UIs that have no API. Here is its 2026 status, supported models, the agent loop, and the security guardrails that matter for an MSP.

Read article →

Explore More Security Foundations

View all terms

Attack Surface

The total number of points where an unauthorized user could try to enter data into, or extract data from, an environment.

Read more →

Authentication

The process of verifying the identity of a user, device, or system before granting access to resources or services.

Read more →

Vulnerability

A weakness in a system, application, or process that could be exploited by a threat actor to gain unauthorized access or cause harm.

Read more →

Zero Trust Architecture

A security model that assumes breach, requiring continuous verification of every user, device, and workload regardless of location.

Read more →
Back to glossary