What is the principle of least privilege and why is it critical in DevOps?

Difficulty: Easy | Topic: System Design | May 24, 2026

The principle of least privilege (PoLP) states that any user, process, or service should only have the minimum permissions necessary to perform its function — nothing more.

In DevOps this applies to:

  • IAM roles: A Lambda function that reads from S3 should only have s3:GetObject on that specific bucket, not full S3 access.
  • Kubernetes RBAC: A deployment automation service account only needs update permissions on Deployments, not cluster-admin.
  • CI/CD tokens: A build token should be able to push to a registry but not manage IAM users.

Blast radius reduction: if credentials are compromised, least privilege limits what an attacker can do.
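
The IAM bullet above, as an added example (not part of the original answer): a small check that flags wildcard grants in an IAM policy document, run against an over-broad policy and a scoped one for the S3-reading Lambda. The bucket name, both policies and the function names are constructed for illustration.

```python
# Constructed sample policies for a Lambda that only reads objects from one bucket.
# "example-reports-bucket" is a placeholder name, not taken from the page.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-reports-bucket/*"}]}


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def find_overbroad(policy):
    """Return (statement_index, field, value) for each wildcard grant in Allow statements."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements restrict access, so wildcards there are fine
        for action in as_list(stmt.get("Action", [])):
            # "*" grants everything; "service:*" grants every action in that service
            if action == "*" or action.endswith(":*"):
                findings.append((i, "Action", action))
        for resource in as_list(stmt.get("Resource", [])):
            # "*" or an ARN whose resource part is only "*" covers every resource
            if resource == "*" or resource.split(":", 5)[-1] == "*":
                findings.append((i, "Resource", resource))
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overbroad(policy))
```

The check covers only Action and Resource wildcards in Allow statements; NotAction, NotResource and partial wildcards such as s3:Get* are outside its scope.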
