A security principle that provides users with the minimum levels of access or permissions needed to perform their job functions.
The principle of least privilege reduces insider risk by limiting the potential damage that can be caused by compromised or malicious insiders. It requires regular access reviews, role-based permissions, and just-in-time access provisioning to ensure users only have necessary access.
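The access review and just-in-time expiry described above can be sketched as follows. This is an added example, not part of the original entry; the role names, permissions, users, timestamps and the 90-day review window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: role definitions, grants, and a usage log.
ROLES = {
    "db-reader": {"db:read"},
    "db-admin": {"db:read", "db:write", "db:drop"},
    "deployer": {"deploy:staging", "deploy:prod"},
}
NOW = datetime(2024, 6, 1, 12, 0)
# (user, role, expires_at): expires_at is None for standing access,
# a timestamp for a just-in-time grant.
GRANTS = [
    ("alice", "db-admin", None),
    ("bob", "db-reader", None),
    ("bob", "deployer", NOW - timedelta(hours=2)),    # JIT grant, already lapsed
    ("carol", "deployer", NOW + timedelta(hours=1)),  # JIT grant, still valid
]
# (user, permission, used_at)
USAGE = [
    ("alice", "db:read", NOW - timedelta(days=3)),
    ("alice", "db:write", NOW - timedelta(days=120)),  # outside review window
    ("bob", "db:read", NOW - timedelta(days=1)),
    ("carol", "deploy:staging", NOW - timedelta(minutes=10)),
]

def access_review(grants, usage, now, window_days=90):
    """Return (expired_jit_grants, unused), where unused maps each user to the
    permissions held through active grants but not exercised in the window."""
    cutoff = now - timedelta(days=window_days)
    # JIT grants past their expiry should be revoked, not merely ignored.
    expired = [(u, r) for u, r, exp in grants if exp is not None and exp <= now]
    held = {}
    for user, role, exp in grants:
        if exp is None or exp > now:
            held.setdefault(user, set()).update(ROLES[role])
    used = {}
    for user, perm, ts in usage:
        if cutoff <= ts <= now:
            used.setdefault(user, set()).add(perm)
    unused = {u: sorted(p - used.get(u, set())) for u, p in held.items()}
    return expired, {u: p for u, p in unused.items() if p}

if __name__ == "__main__":
    expired, unused = access_review(GRANTS, USAGE, NOW)
    print("revoke expired JIT grants:", expired)
    print("unused permissions to review:", unused)
```

Permissions reported as unused are candidates for moving the user to a narrower role, such as `db-reader` instead of `db-admin`, or to just-in-time access.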