Least privilege

Give each account only the access it actually needs.

Identity & access

What is Least privilege?

Least privilege is the principle that every user, service, and token should hold the minimum permissions required to do its job — and nothing more. It limits the blast radius when any single account is compromised: a marketing login that can't touch billing can't be used to drain it. In practice it means scoping integration tokens read-only, avoiding standing admin rights, and reviewing access regularly.
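An added example, not part of the original page: a small access review that checks a grant inventory against the three practices named above (read-only integration tokens, no standing admin, regular review). The inventory, field names, scope strings, finding codes and the 90-day interval are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory; field names and scope strings are assumptions.
GRANTS = [
    {"principal": "crm-sync-token", "kind": "integration",
     "scopes": ["contacts:read"], "expires": None,
     "last_reviewed": date(2024, 5, 20)},
    {"principal": "reporting-token", "kind": "integration",
     "scopes": ["billing:read", "billing:write"], "expires": None,
     "last_reviewed": date(2024, 5, 20)},
    {"principal": "alice", "kind": "user",
     "scopes": ["admin"], "expires": None,          # admin with no end date
     "last_reviewed": date(2024, 4, 1)},
    {"principal": "bob", "kind": "user",
     "scopes": ["admin"], "expires": date(2024, 6, 2),  # time-boxed elevation
     "last_reviewed": date(2024, 6, 1)},
    {"principal": "marketing-login", "kind": "user",
     "scopes": ["campaigns:write"], "expires": None,
     "last_reviewed": date(2023, 11, 3)},
]

REVIEW_INTERVAL = timedelta(days=90)  # assumed review cadence


def audit(grants, today):
    """Return (principal, finding_code) pairs for grants that break least privilege."""
    findings = []
    for g in grants:
        # Integration tokens should carry only ":read" scopes.
        if g["kind"] == "integration" and any(
            not s.endswith(":read") for s in g["scopes"]
        ):
            findings.append((g["principal"], "INTEGRATION_NOT_READ_ONLY"))
        # Admin rights with no expiry are standing privilege.
        if "admin" in g["scopes"] and g["expires"] is None:
            findings.append((g["principal"], "STANDING_ADMIN"))
        # Access that has not been re-approved within the interval.
        if today - g["last_reviewed"] > REVIEW_INTERVAL:
            findings.append((g["principal"], "REVIEW_OVERDUE"))
    return findings


if __name__ == "__main__":
    for principal, code in audit(GRANTS, date(2024, 6, 1)):
        print(f"{principal}: {code}")
```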

See also