Principle of least privilege
The principle of least privilege (PoLP) is the security rule that every user, process, and system should hold only the minimum permissions needed to do its job, with no extra access 'just in case'. PoLP minimises the blast radius of any compromise: a stolen credential or an exploited bug can only touch what the compromised principal could already touch.
PoLP is universally praised and routinely violated. The common shortcuts: developers granted admin to 'unblock' themselves, service accounts given wildcards in their IAM policies, secrets shared across services that don't need them. Each shortcut compounds: a small bug in one service can read the entire database because that service holds a db-admin role. The discipline is per-resource role design: every IAM policy starts at 'no access' and adds specific allows for the specific actions on the specific resources the principal needs. Tools like AWS IAM Access Analyzer and IAM access advisor surface the gap between granted and used permissions; surfacing is the cheap part, and the hard part is actually acting on the recommendations.
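The following is an added example, not code from the original page: it puts the 'unblock' wildcard policy beside a per-resource policy for a hypothetical order-processing service, lints both for wildcard grants, and then computes the granted-versus-used gap the way an access advisor would, using a constructed usage record rather than live AWS data. The account ID, table and bucket names are sample values.

```python
"""Least-privilege IAM policy design: an over-broad policy beside a scoped one,
a wildcard linter, and a granted-vs-used gap report with a tightening step.

Added example, not from the original page. The policies, ARNs and the
USED_ACTIONS list are constructed sample data; the gap report imitates what
IAM access advisor surfaces (which granted actions were never used) but reads
from an inline list, not from AWS."""

# Constructed: the "unblock" shortcut, full access to everything.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

# Constructed: per-resource design. Every allow names the exact actions and
# the exact resources a hypothetical order-processing service needs.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
            "Resource": "arn:aws:dynamodb:eu-west-1:123456789012:table/orders",
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::order-invoices/*",
        },
    ],
}

# Constructed usage record, standing in for access-advisor output.
USED_ACTIONS = ["dynamodb:GetItem", "dynamodb:Query", "s3:GetObject"]


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_wildcards(policy):
    """Return (statement_index, field, value) for every Allow whose Action is
    '*' or service-wide 'service:*', or whose Resource is '*'. These are the
    'just in case' grants that least privilege forbids."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "Resource", resource))
    return findings


def granted_actions(policy):
    """Set of actions the policy allows (wildcards are reported as written)."""
    actions = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return actions


def unused_grants(policy, used_actions):
    """Granted actions absent from the observed-usage record: the gap an
    access advisor surfaces, and the candidates for removal."""
    return sorted(granted_actions(policy) - set(used_actions))


def drop_unused(policy, used_actions):
    """The 'taking the recommendation' step: a copy of the policy with
    never-used actions removed. A statement left with no actions is dropped."""
    used = set(used_actions)
    statements = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            statements.append(dict(stmt))
            continue
        kept = [a for a in _as_list(stmt.get("Action", [])) if a in used]
        if kept:
            statements.append({**stmt, "Action": kept})
    return {**policy, "Statement": statements}


if __name__ == "__main__":
    print("over-broad findings:", find_wildcards(OVERBROAD_POLICY))
    print("scoped findings:", find_wildcards(SCOPED_POLICY))
    print("unused grants:", unused_grants(SCOPED_POLICY, USED_ACTIONS))
    print("tightened:", drop_unused(SCOPED_POLICY, USED_ACTIONS)["Statement"])
```

The linter flags the wildcard policy on both fields and passes the scoped one; the gap report then shows that `dynamodb:PutItem` was granted but never used, and `drop_unused` produces the policy that removes it. The same three steps (lint for wildcards, diff granted against used, tighten) are what a periodic review of a real role looks like, with the usage record coming from the access advisor instead of an inline list.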
Related terms
- Zero trust architecture
Zero trust is the security model that assumes no implicit trust based on network location — every request, internal or external, must be authenticated, authorised, and continuously verified.
- Defense in depth
Defense in depth is the security principle of layering multiple independent controls so that a failure in any one doesn't expose the system — input validation plus parameterised queries plus least-privilege database access plus output encoding plus a WAF.
- Shift-left security
Shift-left security moves security activities — threat modelling, static analysis, dependency scanning, secret detection — earlier in the development lifecycle, ideally into the developer's IDE and PR workflow.
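As an added illustration of the defense in depth entry above (not code from the original page), the following user-lookup path applies four of the layers it names as independent functions: input validation, a parameterised query, least-privilege database access, and output encoding. The schema, the sample rows and the lookup function are constructed; `PRAGMA query_only` is a real SQLite setting used here to stand in for a read-only database role.

```python
"""Defense in depth for a user-lookup endpoint: four independent layers, each
testable on its own, so a gap in one does not expose the system.

Added example, not from the original page. The table, rows and endpoint are
constructed; the read-only connection uses SQLite's query_only pragma in place
of a least-privilege database role."""
import html
import re
import sqlite3

# Layer 1: input validation. Usernames have an expected shape; reject the rest.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(name):
    """True only for lowercase alphanumerics/underscore, 1 to 32 characters."""
    return USERNAME_RE.fullmatch(name) is not None


def open_readonly_db():
    """Layer 3: least-privilege database access. The application's connection
    is query-only, so even a query that slipped past the other layers could
    not write. The schema and rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(name TEXT PRIMARY KEY, email TEXT);"
        "INSERT INTO users VALUES ('alice', 'alice@example.com');"
        "INSERT INTO users VALUES ('o_brien', 'ob@example.com');"
    )
    conn.execute("PRAGMA query_only = 1")
    return conn


def lookup_email(conn, name):
    """Layer 2: parameterised query. The name is bound as data, never spliced
    into the SQL text, so a quote inside it is matched literally."""
    row = conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def render(email):
    """Layer 4: output encoding before the value reaches an HTML page."""
    text = email if email is not None else "not found"
    return "<p>%s</p>" % html.escape(text)


def handle(conn, name):
    """The request path: validation first, then the bound query, then encoding."""
    if not validate_username(name):
        return render(None)
    return render(lookup_email(conn, name))


def db_is_readonly(conn):
    """Check that layer 3 holds: a write through the app connection must fail."""
    try:
        conn.execute("INSERT INTO users VALUES ('mallory', 'm@example.com')")
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    db = open_readonly_db()
    print(handle(db, "alice"))          # valid name, found
    print(handle(db, "O'Brien <b>"))    # rejected by validation
    print(lookup_email(db, "o'brien"))  # quote bound as data: no such row
    print("read-only:", db_is_readonly(db))
```

Each layer is exercised independently: a name with a quote and markup is rejected by validation, but if validation were removed the bound parameter would still treat the quote as a literal character, the connection would still refuse writes, and the encoder would still neutralise the markup on the way out. That independence is the point of the principle: removing one function leaves the other three standing.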