Cybersecurity Basics Intermediate
Least privilege means giving people and apps only the access they need.
Least privilege means giving people, apps, and tools only the access they need to do their job, and no more.
Why does it matter? Too much access can lead to big problems: someone clicks the wrong thing by accident, private info gets exposed, bigger mistakes become possible, and if an account is stolen, more doors are open. Just enough access keeps things safer.
Here are some real-life examples. A student account can do homework, turn in assignments, and read lessons, but cannot change school settings. A game app can use sound and save your progress, but does not need all your photos. A school helper can open one classroom door, but not every door in the building.
What can go wrong with too much access? Someone could see secret things, break important things, delete or change critical data, or do more damage if an account is stolen.
How do we stay safe? Give only the access someone needs, review access often, turn off old and unused access, use separate accounts for risky tasks (not everyday use), and ask before granting extra access.
Bonus robot tip: not everyone needs the master key.
Remember: only what you need; less access is less risk; big keys should be rare; and check, clean up, and keep it safe.
Least privilege is the principle of granting each user, process, or app only the minimum access required for its task: no standing admin and no broad scopes by default. It shrinks the blast radius of mistakes and compromise. Pair it with regular access reviews, separate accounts for risky tasks, and just-in-time elevation.
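A regular access review can be automated along these lines. This is an added example, not part of the original page; the grant fields, the scope strings, and the 90-day staleness threshold are assumptions chosen for illustration.

```python
from datetime import date

# Constructed sample grants (not real data). "standing" means the access is
# always on; False means it is granted just-in-time and expires afterwards.
GRANTS = [
    {"principal": "alice", "scope": "classroom:read", "standing": True,
     "last_used": date(2024, 5, 28)},
    {"principal": "alice", "scope": "admin:*", "standing": True,
     "last_used": date(2024, 5, 30)},
    {"principal": "game-app", "scope": "photos:read", "standing": True,
     "last_used": None},
    {"principal": "bob", "scope": "grades:write", "standing": True,
     "last_used": date(2023, 11, 2)},
    {"principal": "carol", "scope": "admin:settings", "standing": False,
     "last_used": date(2024, 5, 29)},
]

STALE_AFTER_DAYS = 90  # assumed review threshold, tune to your own policy


def review(grants, today, stale_after_days=STALE_AFTER_DAYS):
    """Return (principal, scope, finding) tuples for grants that break least privilege."""
    findings = []
    for g in grants:
        who, scope = g["principal"], g["scope"]
        # Wildcard scopes grant more than any single task needs.
        if scope.endswith("*"):
            findings.append((who, scope, "broad-scope"))
        # Admin access that is always on should become just-in-time elevation.
        if scope.startswith("admin:") and g["standing"]:
            findings.append((who, scope, "standing-admin"))
        # Access that was never used, or not used recently, is a revoke candidate.
        if g["last_used"] is None:
            findings.append((who, scope, "never-used"))
        elif (today - g["last_used"]).days > stale_after_days:
            findings.append((who, scope, "stale"))
    return findings


if __name__ == "__main__":
    for who, scope, finding in review(GRANTS, today=date(2024, 6, 1)):
        print(f"{finding:15} {who:10} {scope}")
```

Each finding maps to an action from the text: narrow the scope, switch to just-in-time elevation, or turn off the unused access.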