In
information security,
computer science, and other fields, the
principle of least privilege (also known as the
principle of minimal privilege or the
principle of least authority) requires that in a particular
abstraction layer of a computing environment, every module (such as a
process, a
user, or a
program, depending on the subject) must be able to access only the information and
resources that are necessary for its legitimate purpose.