In computer science and other fields the principle of minimal privilege, also known as principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (computing) (which can be for example, a Process, a user or a computer program on the basis of the layer we are considering) must be able to see only such Information and resources that are immediately necessary.

So the idea of the principle is to grant just the minimum possible privileges to permit a legitimate action, in order to enhance protection of data and functionality from faults (fault tolerance) and malicious behaviour (computer security).

The principle of minimal privilege is also known as or similiar to POLA: principle of least authority (or access).

= History =

The principle came up around mid 70s, and generally the book Fault Tolerant Operating Systems by Peter J. Denning is referred as the original source, even though it was described under different names by many contemporary papers, like The protection of information in computer systems , by Saltzer and Schroeder.

The original formulation from Saltzer and Schroeder: : Every program and every user of the system should operate using the least set of privileges necessary to complete the job.

=See also=

= References =

= External links =