The principle of least privilege is the concept that all subjects of a computing environment are restricted from accessing resources that are not essential to their purpose. This includes application components, users, and processes. Following this principle, additional processes, roles, and accounts should only be created as necessary.

To enforce the fewest privileges on a subject, all privileges must be:

• Restricted as much as possible.
• Granted as late as possible.
• Revoked as soon as possible.

Define an access control model (to support a consistent and uniform way of allocating access) that grants access to the users as follows:

• Define appropriate access depending on each user's business and access needs.
• Define access to system components and data resources that are based on users’ job classification and functions.
• Enforce the fewest privileges (for example, user, administrator) to perform a job function.

Access is assigned to users, including privileged users, based on:

• Job classification and function.
• Least privileges necessary to perform job responsibilities.

Define, assign, and manage access privileges for application and system accounts as follows:

• Based on the least privileges necessary for the operability of the system or application.
• Access is limited to the systems, applications, or processes that specifically require their use.

Note

The principle of least privilege can be applied in many different contexts. For example:

• Create an account for the sole purpose of running a particular background process.

  - Run Server/daemon processes under restricted user accounts.
  

• Use accounts with access restricted to the required features and resources of a service.

  - The code interacts with a service, such as a database, that supports user accounts and access controls.
  - Multiple accounts may be required to use different parts of the code, and to work with different sets of data.
  

Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/amq-clients/tasks/phase/specifications/141-T14/

Training Modules

Defending Web Applications

• Authorization Explained
• Privilege Escalation
• Securing Authorization
• API Authorization Controls

Secure Software Design

• Least Privilege and Modular Programming
• Separation of Duties
• Separating Components

OWASP Top 10 2021

• Privilege escalation concept

PCI SSF Compliance

• Limiting privileges and resources

Secure Software Requirements

• Modeling Permissions with a Subject-Object Matrix

Defending Node.js

• Avoid Using Root Account for Running Node