Beginner Fundamentals

Principle of Least Privilege

The Principle of Least Privilege (PoLP) states that every user, system, or process should have only the minimum permissions needed to perform its function — nothing more.

Why It Matters

When a compromised account has unrestricted access, the attacker inherits all its powers. With least privilege, the damage stays contained.

Scenario A — account with full access:
  Attacker compromises account → accesses all data → exports everything

Scenario B — account with least privilege:
  Attacker compromises account → accesses only /reports/2024/ → damage contained

Practical Application

Human Users

Support analyst → read-only log access, no access to payment data
Developer → access to dev/staging, not production
DBA → manages the database, but cannot access application servers

Service Accounts (Systems)

Email-sending service:
  Wrong: account with full database access
  Right: account that can only read the "email_queue" table

AWS IAM — Concrete Example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::my-bucket/reports/*"
    }
  ]
}

This policy allows only s3:GetObject on objects under the reports/ prefix of my-bucket. Any action or resource not listed is denied by default, so the account cannot write, delete, or read outside that prefix.
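To make the Scenario A / Scenario B contrast and the IAM policy above concrete, here is an added Python example (not AWS code and not part of the original page). It implements a toy evaluator for the subset of IAM semantics used here: Allow/Deny statements, Action and Resource given as a string or a list, "*" and "?" wildcards, case-insensitive action names, default deny, and explicit deny winning over allow. The full-access policy and the sample requests are constructed for the demonstration.

```python
"""Toy IAM-style policy evaluator (added example, not AWS code).

Supports only what the page needs: Allow/Deny, Action/Resource as string or
list, '*' and '?' wildcards, case-insensitive actions, default deny, and
"an explicit Deny always wins".
"""
import json
import re

# The least-privilege policy from the page (Scenario B).
LEAST_PRIVILEGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::my-bucket/reports/*"
    }
  ]
}
""")

# Constructed stand-in for Scenario A: an account that can do anything.
FULL_ACCESS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _glob_match(pattern: str, value: str, ignore_case: bool = False) -> bool:
    """IAM-style wildcard match: '*' = any run of characters, '?' = one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """True only if some Allow statement matches and no Deny statement does."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_glob_match(a, action, ignore_case=True)
                         for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_glob_match(r, resource)
                           for r in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False        # explicit deny overrides any allow
        allowed = True
    return allowed              # nothing matched -> implicit (default) deny


def wildcard_findings(policy: dict) -> list[str]:
    """Review check: flag Allow statements with a bare '*' action or resource."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action", [])):
            findings.append(f"statement {i}: Action is '*' (any action)")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: Resource is '*' (any resource)")
    return findings


def blast_radius(policy: dict, requests: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Which of the given (action, resource) requests would this policy permit?"""
    return [(a, r) for a, r in requests if is_allowed(policy, a, r)]


# Constructed sample of requests a compromised account might issue.
SAMPLE_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::my-bucket/reports/2024/q1.csv"),
    ("s3:GetObject", "arn:aws:s3:::my-bucket/customers/pii.csv"),
    ("s3:PutObject", "arn:aws:s3:::my-bucket/reports/2024/q1.csv"),
    ("s3:DeleteBucket", "arn:aws:s3:::my-bucket"),
    ("iam:CreateUser", "arn:aws:iam::111122223333:user/new-admin"),
]

if __name__ == "__main__":
    for name, policy in [("full access (Scenario A)", FULL_ACCESS_POLICY),
                         ("least privilege (Scenario B)", LEAST_PRIVILEGE_POLICY)]:
        permitted = blast_radius(policy, SAMPLE_REQUESTS)
        print(f"{name}: {len(permitted)}/{len(SAMPLE_REQUESTS)} requests permitted")
        for finding in wildcard_findings(policy):
            print("  finding:", finding)
```

Running it shows the full-access policy permitting all five sample requests and the least-privilege policy permitting exactly one (the read under reports/). The same `blast_radius` function is a useful way to reason about any policy before attaching it: list what a stolen credential could actually do, not just what the owner intends to do.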

Database

-- Create user with read-only access to a specific table
CREATE USER 'api_read'@'localhost' IDENTIFIED BY '...';
GRANT SELECT ON app_db.orders TO 'api_read'@'localhost';
-- No INSERT, UPDATE, DELETE, DROP

Just-in-Time Access

Even better: grant access temporarily only when needed.

Engineer needs prod access to investigate an incident:
1. Opens a request in the PAM (Privileged Access Management) system
2. Manager approval
3. Access granted for 2 hours, with session recording
4. Access automatically revoked at the end of the period
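The four steps above, modelled in Python as an added example (this is an illustration of the workflow, not the API of any real PAM product). A grant is a request with an approver, a start time and an expiry; access checks compare the current time against that window, so revocation at the end of the period happens without anyone having to remember it. The clock is passed in explicitly so the behaviour can be checked deterministically; the maximum window and the sample names are constructed.

```python
"""Time-boxed (just-in-time) privilege grant with an audit trail.
Added example; not a real PAM system. Times are UTC and supplied by the caller."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_WINDOW_MINUTES = 240   # constructed policy cap on a single grant


def utc(iso: str) -> datetime:
    """Parse '2024-03-01T10:00:00' as a UTC timestamp."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


@dataclass
class AccessRequest:
    requester: str
    target: str                 # e.g. "prod-db-01" (constructed name)
    reason: str
    minutes: int
    approved_by: Optional[str] = None
    granted_at: Optional[datetime] = None
    expires_at: Optional[datetime] = None
    revoked: bool = False
    audit_log: list = field(default_factory=list)

    def log(self, now: datetime, event: str) -> None:
        self.audit_log.append((now.isoformat(), event))


def open_request(requester: str, target: str, reason: str, minutes: int,
                 now: datetime) -> AccessRequest:
    """Step 1: the engineer opens a request; the window is capped by policy."""
    if minutes <= 0 or minutes > MAX_WINDOW_MINUTES:
        raise ValueError("requested window outside policy limits")
    req = AccessRequest(requester, target, reason, minutes)
    req.log(now, f"request opened by {requester} for {target}: {reason}")
    return req


def approve(req: AccessRequest, manager: str, now: datetime) -> AccessRequest:
    """Step 2 and 3: a manager approves; the grant starts now and expires later."""
    if manager == req.requester:
        raise PermissionError("self-approval is not allowed")
    req.approved_by = manager
    req.granted_at = now
    req.expires_at = now + timedelta(minutes=req.minutes)
    req.log(now, f"approved by {manager}; expires {req.expires_at.isoformat()}")
    return req


def has_access(req: AccessRequest, now: datetime) -> bool:
    """Step 4: access exists only inside the window; expiry needs no action."""
    if req.approved_by is None or req.revoked:
        return False
    return req.granted_at <= now < req.expires_at


def record_session(req: AccessRequest, now: datetime, command: str) -> bool:
    """Step 3: commands inside the window are recorded; outside it they are refused."""
    if not has_access(req, now):
        req.log(now, f"REFUSED (no active grant): {command}")
        return False
    req.log(now, f"session: {command}")
    return True


def revoke(req: AccessRequest, by: str, now: datetime) -> None:
    """Early revocation, e.g. when the incident is closed before the window ends."""
    req.revoked = True
    req.log(now, f"revoked early by {by}")


if __name__ == "__main__":
    t = utc("2024-03-01T10:00:00")
    req = open_request("alice", "prod-db-01", "investigate incident (constructed)", 120, t)
    approve(req, "bob", utc("2024-03-01T10:05:00"))
    record_session(req, utc("2024-03-01T11:00:00"), "SELECT count(*) FROM orders")
    record_session(req, utc("2024-03-01T13:00:00"), "SELECT count(*) FROM orders")
    for entry in req.audit_log:
        print(*entry)
```

Two design points worth noting: the grant is never "on" by default (an unapproved request has no access), and the audit log records refused attempts as well as successful sessions, which is what a reviewer later wants to see.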

Common Mistakes

- Service account with admin permission "for convenience"
- Users sharing admin credentials
- Permissions granted and never reviewed
- Former employee account still active

Periodic Review

Privileges accumulate over time. Review quarterly who has access to what. Remove what is no longer necessary.
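An added Python example of such a review (illustrative code, not a real IAM or audit tool), run over a constructed inventory of grants. It flags the common mistakes listed above: grants held by people who are no longer active, grants never used or unused for longer than the review window, and service accounts holding admin-level rights. The principal names, permission strings and timestamps are all constructed; the 90-day window is an assumption.

```python
"""Quarterly access review over a constructed grant inventory (added example)."""
from datetime import date

REVIEW_WINDOW_DAYS = 90          # assumed threshold for "no longer used"
ADMIN_MARKERS = ("admin", "ALL", "*")   # constructed convention for broad rights

# Constructed inventory: (principal, permission, last_used as ISO date or None)
GRANTS = [
    ("alice",     "prod-db:SELECT",              "2024-02-20"),
    ("alice",     "prod-db:DROP",                None),          # granted, never used
    ("bob",       "s3:my-bucket/reports:read",   "2023-10-01"),  # stale
    ("carol",     "admin:*",                     "2024-02-28"),  # carol has left
    ("svc-email", "prod-db:ALL",                 "2024-02-29"),  # admin "for convenience"
    ("svc-email", "email_queue:SELECT",          "2024-02-29"),  # what it actually needs
]
ACTIVE_EMPLOYEES = {"alice", "bob", "dave"}     # constructed HR directory snapshot
SERVICE_ACCOUNTS = {"svc-email"}


def review(grants, active_employees, service_accounts, as_of: str):
    """Return (principal, permission, reason) for every grant that needs action."""
    today = date.fromisoformat(as_of)
    findings = []
    for principal, permission, last_used in grants:
        # Orphaned account: principal is neither a current employee nor a known service.
        if principal not in active_employees and principal not in service_accounts:
            findings.append((principal, permission, "orphaned: principal no longer active"))
            continue
        # Unused rights are the easiest to remove and the most commonly forgotten.
        if last_used is None:
            findings.append((principal, permission, "never used since grant"))
        else:
            age = (today - date.fromisoformat(last_used)).days
            if age > REVIEW_WINDOW_DAYS:
                findings.append((principal, permission, f"unused for {age} days"))
        # Service accounts should be scoped to one job, never to admin-level rights.
        if principal in service_accounts and any(m in permission for m in ADMIN_MARKERS):
            findings.append((principal, permission, "service account holds admin-level rights"))
    return findings


def by_principal(findings):
    """Group findings so each owner gets one list to act on."""
    grouped = {}
    for principal, permission, reason in findings:
        grouped.setdefault(principal, []).append((permission, reason))
    return grouped


if __name__ == "__main__":
    for principal, items in by_principal(
            review(GRANTS, ACTIVE_EMPLOYEES, SERVICE_ACCOUNTS, "2024-03-01")).items():
        print(principal)
        for permission, reason in items:
            print(f"  {permission}: {reason}")
```

In practice the inventory comes from exporting IAM policies, database grants and directory membership, and the "last used" column from access logs; the review logic itself stays this simple. The point of running it on a schedule is that each finding maps directly to one of the mistakes above and to a removal action.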