What is the security principle called that grants users and applications ONLY the minimum permissions necessary for their job and does NOT grant unnecessary permissions?


Explanation

A question asking to identify the name of the security principle that grants only the minimum necessary permissions.

  • Clue 1: "ONLY the minimum permissions necessary": allow only the operations required for the job = least privilege
  • Clue 2: "does NOT grant unnecessary permissions": eliminate excess permissions to limit the blast radius
A. Incorrect

The principle of defense in depth

Defense in depth is a real security principle that mitigates the impact of breaches by layering multiple defenses such as network, host, and application.

However, this question describes minimizing the permissions granted to individual users, not how to layer defenses, so this is incorrect.

B. Incorrect

The principle of separation of duties

Separation of duties is a real principle that prevents the concentration of authority in one person by distributing critical operations across multiple roles.

While it is related to permission management, this question describes minimizing the amount of permission granted to each individual user, not distributing roles, so this is incorrect.

C. Correct

The principle of least privilege

This is correct. The principle of least privilege grants only the minimum permissions required to perform a job. By not granting unnecessary permissions, it minimizes the blast radius in the event of accidental operations or credential leakage. It is a fundamental principle of IAM design.

D. Incorrect

The principle of zero trust

Zero trust is a real security model that does not implicitly trust even internal network traffic and verifies every access.

Its focus is 'never trust, always verify,' which is not the same as the description in this question of minimizing the permissions granted, so this is incorrect.

Key Takeaway

'Minimum necessary permissions' points to the principle of least privilege. It is the core of IAM best practices and minimizes the impact of leakage and accidental operations. Be careful not to confuse it with other real principles: defense in depth (layering defenses) and separation of duties (distributing permissions across multiple people). Use the keyword 'minimum necessary' to distinguish.