The Principle of Least Privilege

The principle of least privilege means only having the access you need to do your job.

Summary

Credential harvesting and unauthorised access causes a large number of security related incidents, and can lead to larger issues when users have excessive or administrative permissions. Getting access to an account with a lot of permissions is great for attackers as they have more access to data and systems. This makes it easier to get more information and easier to go undetected.

These attacks can be mitigated by implementing role-based access control. Permissions can be assigned to a role. User accounts can have more than one role assigned.

Purpose

The intent of this control is to ensure users only have the access they need to do their jobs.

Least privilege: Key takeaways

  • If you’re unsure which permissions a user account needs, give less access. If they can’t do an aspect of their job, they can ask for extra permissions.
  • Sometimes it’s challenging to understand what level of access a user account needs. When in doubt, assign a lower level of access. If the user account requires administrative permissions, make sure you understand why, the responsibilities this entails.
  • Be critical of giving out administrative access. It’s OK to ask users why they may need those permissions & what tasks they need to perform.
  • Administrator access requires an additional layer of security using multi-factor authentication.

If you would like to increase the level of access to your site, please take a look at Website Access, Responsibility & Acceptance & fill in the form at the end of the page.

Further reading →

Interested in talking about WordPress?