Principle
according to which subjects must access exclusively those objects that they
unavoidably need in order to carry out their work or processes.
The term is
synonymous with "need to know".
[Ribagorda:1997]
Postulate that
requires that the subjects of a system have enabled, exclusively, the
right of access (write, read, etc.) to the objects that they unavoidably
require in order to fulfil the functions of the post they hold.
The term is
synonymous with "need to know".
[Ribagorda:1997]
The principle that a
security architecture should be designed so that each entity is granted the
minimum system resources and authorizations that the entity needs to perform
its function. [CNSSI_4009:2010]
(I) The principle that a
security architecture should be designed so that each system entity is granted
the minimum system resources and authorizations that the entity needs to do its
work.
(Compare: economy of
mechanism, least trust.)
[RFC4949:2007]
This principle requires that
each subject in a system be granted the most restrictive set of privileges (or
lowest clearance) needed for the performance of authorized tasks. The
application of this principle limits the damage that can result from accident,
error, or unauthorized use. [TCSEC:1985]
Least Privilege is the
principle of allowing users or applications the least amount of permissions
necessary to perform their intended function.
http://www.sans.org/security-resources/glossary-of-terms/