Sub-task
Resolution: Unresolved
Major
Sprints: CLOUD Sprint 255, CLOUD Sprint 256, CLOUD Sprint 257, CLOUD Sprint 258, CLOUD Sprint 259, CLOUD Sprint 260, CLOUD Sprint 261, CLOUD Sprint 262, CLOUD Sprint 263, CLOUD Sprint 264
The principle of least privilege is the concept that all subjects of a computing environment are restricted from accessing resources that are not essential to their purpose. This includes application components, users, and processes. Following this principle, additional processes, roles, and accounts should only be created as necessary.
To enforce the fewest privileges on a subject, all privileges must be:
- Restricted as much as possible.
- Granted as late as possible.
- Revoked as soon as possible.
Define an access control model (to support a consistent and uniform way of allocating access) that grants access to the users as follows:
- Define appropriate access depending on each user's business and access needs.
- Define access to system components and data resources that are based on users' job classification and functions.
- Enforce the fewest privileges (for example, a user role rather than an administrator role) needed to perform a job function.
Access is assigned to users, including privileged users, based on:
- Job classification and function.
- Least privileges necessary to perform job responsibilities.
Define, assign, and manage access privileges for application and system accounts as follows:
- Based on the least privileges necessary for the operability of the system or application.
- Limited to the systems, applications, or processes that specifically require their use.
Note
The principle of least privilege can be applied in many different contexts. For example:
- Create an account for the sole purpose of running a particular background process.
- Run server/daemon processes under restricted user accounts.
- Use accounts with access restricted to the required features and resources of a service.
- When the code interacts with a service, such as a database, that supports user accounts and access controls, give it an account limited to what it needs.
- Multiple accounts may be required to use different parts of the code, and to work with different sets of data.
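As an added illustration (not part of this task or of SD Elements), the following Python model ties the three rules above (restrict, grant late, revoke early) to the job-function-based access model: each account is bound to a job function's allow-list, excess grants are reported, and a privilege is held only for the duration of the task that needs it. The job functions, privilege names and account names are constructed sample data.

```python
# Added example: a small least-privilege model. Job functions, privilege
# names and accounts below are constructed sample data, not real policy.
from contextlib import contextmanager
from dataclasses import dataclass, field

# Constructed access-control model: each job function lists the only
# privileges it may ever hold (the "restricted as much as possible" rule).
JOB_FUNCTIONS = {
    "report-reader": {"db:select:reports"},
    "report-writer": {"db:select:reports", "db:insert:reports"},
    "backup-daemon": {"fs:read:/var/lib/app", "fs:write:/backup"},
}

@dataclass
class Account:
    name: str
    job_function: str
    granted: set = field(default_factory=set)   # privileges currently active

    def allowed(self) -> set:
        return JOB_FUNCTIONS[self.job_function]

def excess_privileges(account: Account) -> set:
    """Privileges held that the account's job function never needs."""
    return account.granted - account.allowed()

@contextmanager
def with_privilege(account: Account, privilege: str):
    """Grant a privilege as late as possible (just before the task) and
    revoke it as soon as possible (when the task ends, even on error)."""
    if privilege not in account.allowed():
        raise PermissionError(f"{privilege} is outside {account.job_function}")
    account.granted.add(privilege)
    try:
        yield account
    finally:
        account.granted.discard(privilege)

def run_report_insert(account: Account) -> bool:
    """Sample task: needs db:insert:reports only while it runs."""
    with with_privilege(account, "db:insert:reports") as acct:
        return "db:insert:reports" in acct.granted

if __name__ == "__main__":
    svc = Account("reporting-svc", "report-writer", {"db:select:reports", "os:sudo"})
    print("excess:", excess_privileges(svc))          # os:sudo is never needed
    print("task ran with privilege:", run_report_insert(svc))
    print("still granted afterwards:", svc.granted)  # insert has been revoked
```

Running the script reports `os:sudo` as an excess grant for the service account and shows `db:insert:reports` absent again once the task returns.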
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-1-foundational-platform-offering-openshift/azure-service/tasks/phase/specifications/261-T14/