Least Privilege Principle

The Principle of Least Privilege (PoLP) requires that every module, user, or process be able to access only the information and resources necessary for its legitimate purpose. It creates a restrictive environment where access is denied by default and explicitly granted only on a need-to-know basis.

Impact

PoLP minimizes the blast radius of a security incident. If a single component is compromised, the attacker is confined to the limited permissions of that component, preventing lateral movement across the network. PoLP is the core tenet of Zero Trust architecture.

Weinto take

We apply PoLP fractally: from AWS IAM roles down to database users and file permissions. We reject "wildcard" permissions (*). Every permission grant is a risk acceptance decision that must be justified. Convenience is the enemy of security.