PoLP
The Principle of Least Privilege states that users, systems, and processes should have only the minimum access rights necessary to perform their intended function — nothing more.
⚙️ How Does It Work?
Implemented through RBAC (Role-Based Access Control, with tightly scoped role definitions), PAM (Privileged Access Management, removing standing admin rights in favour of just-in-time elevation), IGA (Identity Governance and Administration, whose access reviews remove excess entitlements), and ABAC (Attribute-Based Access Control, making context-aware permission decisions).
📍 Where Is It Used?
Every security architecture — foundational to Zero Trust, required by most compliance frameworks including NIST, ISO 27001, and SOX.
💡 Real-World Example
A finance analyst has Finance Admin access inherited from a previous role. An IGA access review identifies this over-provisioning. Her access is reduced to Finance Read-Only — least privilege enforced.