Principle of Least Privilege

Grant only the minimum permissions necessary

“Every module must be able to access only the information and resources that are necessary for its legitimate purpose.”

When to use

Always. It applies to IAM roles, database users, and file permissions.

Why it matters

  • Security: If a component is compromised, the damage is limited to what that component could do.
  • Stability: A service that only needs to read data cannot accidentally delete it.

Signs of Violation

  • Connecting to the database as root or sa.
  • Giving an AWS Lambda function the AdministratorAccess policy.
  • chmod 777.

Explanation

Problem

If a “Report Generator” script has DROP TABLE permissions, a bug in that script could wipe the database.

Solution

Give the “Report Generator” only SELECT permission on specific tables.
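The signs of violation and the Report Generator fix above can be checked mechanically. The following audit is an added example, not code from the original page; the Component inventory format, the report_ro account and the ReportBucketWriteOnly policy name are assumptions made up for illustration.

```typescript
// Added example. Component is a constructed inventory format,
// not the schema of any real tool.
interface Component {
  name: string;
  dbUser: string;                          // account used for DB connections
  needs: string[];                         // "PRIVILEGE:table" pairs the code really uses
  grants: string[];                        // "PRIVILEGE:table" pairs the DB user holds
  iamPolicies: string[];                   // attached AWS policy names
  files: { path: string; mode: string }[]; // octal mode strings, e.g. "750"
}

const SUPERUSERS = ["root", "sa"];

function audit(c: Component): string[] {
  const findings: string[] = [];
  if (SUPERUSERS.indexOf(c.dbUser.toLowerCase()) !== -1) {
    findings.push(`${c.name}: connects to the database as ${c.dbUser}`);
  }
  // Anything granted but not needed is excess privilege; a wildcard
  // grant such as "ALL:*" is reported here too, since no need matches it.
  for (const g of c.grants) {
    if (c.needs.indexOf(g) === -1) findings.push(`${c.name}: excess grant ${g}`);
  }
  if (c.iamPolicies.indexOf("AdministratorAccess") !== -1) {
    findings.push(`${c.name}: AdministratorAccess attached`);
  }
  for (const f of c.files) {
    // The world-writable bit covers chmod 777 and also modes such as 666.
    if ((parseInt(f.mode, 8) & 2) !== 0) {
      findings.push(`${c.name}: ${f.path} is world-writable (${f.mode})`);
    }
  }
  return findings;
}

// Constructed sample data: the Report Generator before and after the fix.
const needs = ["SELECT:sales", "SELECT:customers"];
const bad: Component = {
  name: "report-generator", dbUser: "root", needs,
  grants: ["SELECT:sales", "SELECT:customers", "DROP:sales", "DELETE:customers"],
  iamPolicies: ["AdministratorAccess"],
  files: [{ path: "/var/reports", mode: "777" }],
};
const good: Component = {
  name: "report-generator", dbUser: "report_ro", needs,
  grants: ["SELECT:sales", "SELECT:customers"],
  iamPolicies: ["ReportBucketWriteOnly"], // hypothetical custom policy
  files: [{ path: "/var/reports", mode: "750" }],
};
console.log(audit(bad).join("\n"), "\nfindings after fix:", audit(good).length);
```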

Real world analogy

Valet Key. You give the valet a special key that only starts the car and opens the door. It doesn’t open the glovebox or the trunk. They don’t need access to your trunk to park the car.

Pros and Cons

Pros

  • Minimizes blast radius

Cons

  • Management overhead (creating many roles)

Comparison

  • Need to Know: Similar concept in information handling.

Code example

Typescript

Bad (Violation)

Good (Adherence)

PHP

Bad (Violation)

Good (Adherence)