The principle of least privilege states that a subject should be granted only the privileges necessary to complete its task.
A party requesting access to a resource should be granted only the minimum rights necessary, and those rights should remain in effect for the shortest possible duration (remember to remove granted privileges at the end of the task). Granting a user permissions beyond the scope of rights needed for an action may allow that user to obtain or modify information in undesirable ways. Careful delegation of access rights therefore limits the damage that can be done to a system.
Each program and system user should operate using the least amount of privileges necessary to complete their work. First and foremost, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions between privileged programs to the minimum necessary for proper operation, so that unintended, unwanted, or improper uses of privileges are less likely to occur. In this way, if a question arises about improper use of a privilege, the number of programs that need to be checked is minimized.
If a subject does not need a right of access, it should not have it. In addition, the function of the subject (rather than its identity) should control the allocation of rights. If a specific action requires that a subject's access rights be increased, those additional rights should be relinquished immediately after the action is completed. If the subject does not need access to an object to perform its task, it should not have the right to access that object. More precisely, if a subject needs to add information to an object but not to modify the information already contained in it, it should be granted an append right rather than a write right.
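The two rules above (grant rights only for the duration of the task, and grant the narrowest right that fits, such as append instead of write) can be made concrete in a small rights model. The following is an added illustration, not code from the original text; the `Resource`, `Subject`, `elevated` and right names `read`, `append` and `write` are constructed for the example and do not correspond to any real operating-system API.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

# Constructed example: a minimal rights model for the least-privilege rules.
# Rights are plain strings. "append" lets a subject add records to a log-like
# object without touching what is already there; "write" lets it replace the
# content; "read" lets it inspect it.


@dataclass
class Resource:
    name: str
    records: list = field(default_factory=list)


@dataclass
class Subject:
    name: str
    # resource name -> set of rights granted on that resource
    rights: dict = field(default_factory=dict)

    def has(self, resource, right):
        return right in self.rights.get(resource.name, set())


def require(subject, resource, right):
    """Single check point: every operation names the one right it needs."""
    if not subject.has(resource, right):
        raise PermissionError(f"{subject.name} lacks '{right}' on {resource.name}")


def read(subject, resource):
    require(subject, resource, "read")
    return list(resource.records)


def append(subject, resource, record):
    """Add a record; deliberately cannot alter existing records."""
    require(subject, resource, "append")
    resource.records.append(record)
    return len(resource.records)


def overwrite(subject, resource, records):
    """Replace all content; needs the broader 'write' right."""
    require(subject, resource, "write")
    resource.records = list(records)
    return len(resource.records)


@contextmanager
def elevated(subject, resource, extra_rights):
    """Grant extra rights only for the duration of the block and revoke them
    on exit, whether or not the block raised. Rights the subject already held
    are left untouched so the revocation never removes more than it added."""
    current = subject.rights.setdefault(resource.name, set())
    added = set(extra_rights) - current
    current |= added
    try:
        yield subject
    finally:
        current -= added


def run_demo():
    """Walk through the rules: append-only worker, denied overwrite,
    temporary read right that disappears after the task."""
    audit = Resource("audit-log", ["boot ok"])          # constructed sample data
    worker = Subject("worker", {"audit-log": {"append"}})
    append(worker, audit, "task started")
    denied = False
    try:
        overwrite(worker, audit, [])                     # append right is not write
    except PermissionError:
        denied = True
    with elevated(worker, audit, {"read"}) as w:         # read only while needed
        seen = read(w, audit)
    return {
        "records": list(audit.records),
        "overwrite_denied": denied,
        "seen": seen,
        "read_after_task": worker.has(audit, "read"),
        "append_after_task": worker.has(audit, "append"),
    }


if __name__ == "__main__":
    print(run_demo())
```

The `finally` clause in `elevated` is the part worth copying: relinquishing a temporary right must not depend on the task finishing cleanly, and it must not revoke a right the subject held before the elevation.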