Generally Accepted System Security Principles
P-13 Least Privilege Principle
Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
A individual should be granted enough privilege to accomplish
assigned tasks, but no more. This principle should be applied in direct
proportion and with increased rigor as the potential for damage to a
system rises. For example, on general-purpose systems, users may be
divided into only two groups, a small group of privileged users to
perform system administration and security and a larger group of normal
users. On mission- critical systems, the system may be segmented into
small groups, each with a well- defined role and access to
group-specific data and capabilities.