P-13 Least Privilege Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

A individual should be granted enough privilege to accomplish assigned tasks, but no more. This principle should be applied in direct proportion and with increased rigor as the potential for damage to a system rises. For example, on general-purpose systems, users may be divided into only two groups, a small group of privileged users to perform system administration and security and a larger group of normal users. On mission- critical systems, the system may be segmented into small groups, each with a well- defined role and access to group-specific data and capabilities.