{"id":3324,"date":"2021-06-13T12:17:00","date_gmt":"2021-06-13T12:17:00","guid":{"rendered":"https:\/\/permsecure.com\/?p=3324"},"modified":"2024-12-18T13:18:37","modified_gmt":"2024-12-18T13:18:37","slug":"principle-of-least-privilege-polp-security-through-limited-access-rights","status":"publish","type":"post","link":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/","title":{"rendered":"Principle of Least Privilege (PoLP): Security through limited Access Rights"},"content":{"rendered":"\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained padding-inline-C2G2 padding-inline-M-C0G1 padding-top-pe-full\"><figure class=\"wp-block-post-featured-image\"><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"500\" src=\"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"\" style=\"object-fit:cover;\" srcset=\"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp 750w, https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg-300x200.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-ad2f72ca wp-block-group-is-layout-flex padding-top-1em\"><div class=\"wp-block-avatar\"><img alt='Bartosz Grodzicki Avatar' src='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-40x40.png' srcset='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-80x80.png 2x' class='avatar avatar-40 photo wp-block-avatar__image' height='40' width='40' \/><\/div>\n\n<div class=\"wp-block-post-author padding-left-1em\"><div class=\"wp-block-post-author__content\"><p class=\"wp-block-post-author__name\">Bartosz Grodzicki<\/p><\/div><\/div>\n\n<div class=\"wp-block-post-date 
padding-left-1em\"><time datetime=\"2021-06-13T12:17:00+00:00\">06\/13\/2021<\/time><\/div><\/div>\n\n\n<h2 class=\"wp-block-post-title padding-bottom-0_25em padding-top-0_25em\">Principle of Least Privilege (PoLP): Security through limited Access Rights<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained padding-block-pe-full padding-inline-C2G2 padding-inline-M-C0G1\">\n<p>The General Data Protection Regulation of the European Union (EU GDPR) has been in force since May 2018 and presents every company with new and increased data protection requirements.\u00a0\u00a0<br>The processing of personal data, whether from customers, business partners or even the company\u2019s own employees, must be protected by appropriate measures to prevent misuse. 
Non-compliance with the GDPR threatens not only severe fines but also a loss of face, because every incident must be reported and all affected persons must be informed about it.\u00a0<\/p>\n\n\n\n<p>The Principle of Least Privilege can be a means of protecting the personal data processed in the company without disrupting operations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Principle of Least Privilege (PoLP)?<\/h2>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\" target=\"_blank\" rel=\"noreferrer noopener\">Principle of Least Privilege<\/a>&nbsp;(PoLP) is a concept that serves data and information security.&nbsp; It is based on the principle that a user (or a system) is only given as many permissions to certain data as he needs to perform his tasks in the company \u2013 and no more.&nbsp;<\/p>\n\n\n\n<p>The original formulation of this principle came from\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Jerry_Saltzer\" target=\"_blank\" rel=\"noreferrer noopener\">Jerome Saltzer<\/a>, a U.S. 
computer scientist at MIT, and first appeared in the journal \u201cCommunications of the ACM\u201d:\u00a0<\/p>\n\n\n\n<div class=\"wp-block-group has-basics-1-background-color has-background is-layout-flow wp-block-group-is-layout-flow margin-bottom-C0G0 padding-C0G1 width-C8G0 width-M-C12G0\">\n<p class=\"has-primary-3-color has-text-color has-link-color has-h-3-font-size wp-elements-73eb094c0f94e1bffa6da3a4afdc87d0\">Quote:<\/p>\n\n\n\n<p>\u201cEvery program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.\u201d<\/p>\n<\/div>\n\n\n\n<p class=\"padding-top-1em\">PoLP is based on the fundamental assumption that an employee cannot do his or her job if he or she does not have minimum access rights in the company.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"padding-top-1em\">This principle is still an important component of a professional identity and access management strategy today.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained padding-block-pe-full padding-inline-C2G2 padding-inline-M-C0G1\">\n<h2 class=\"wp-block-heading\">PoLP and the Reality<\/h2>\n\n\n\n<p>Historically, the reality in many companies is that so-called \u201cprivilege creep\u201d continues to be practiced. 
This is understood to mean the accumulation of permissions and access rights by an employee throughout his or her entire user lifecycle.&nbsp;But how does this accumulation come about? An example.&nbsp;<\/p>\n\n\n\n<p>At the beginning of his job, the new employee is given the fewest permissions because the onboarding process requires it.&nbsp;Then the user only gets his account, a mailbox, a home directory and access to folders of his department and those that are accessible to everyone.&nbsp;So far, so good.&nbsp;&nbsp;<\/p>\n\n\n\n<p>However, it often happens that permissions of an existing or former employee are copied to the new employee due to time constraints \u2013 without checking them beforehand.&nbsp;<\/p>\n\n\n\n<p>Then the employee gets his first projects and his access rights are extended.&nbsp;&nbsp;<br>The same applies to ad hoc requests. These are to be fulfilled as quickly as possible, and permissions are also quickly assigned, bypassing the approval process.<\/p>\n\n\n\n<p>A change of department on the part of the employee also comes with new permissions and access rights.&nbsp;<\/p>\n\n\n\n<p>The trend towards home offices in the last two years also does its part to extend an employee\u2019s access (e.g., through VPN access or access to web applications that he should\/must use from the home office).&nbsp;<\/p>\n\n\n\n<p>All the scenarios described above occur very often in companies. The real problem is that the old or no longer necessary permissions are not removed from the employee during his lifecycle (and often beyond). Thus, the employee diligently collects access rights in the company and becomes a \u201cprivilege creeper\u201d.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why is the Least Privilege Principle important?<\/h2>\n\n\n\n<p>The Least Privilege principle, as a component of endpoint security, can help prevent malware, Trojans and ransomware from spreading uncontrollably in systems and infrastructure. 
By means of controlled privilege management, you restrict the spread of malware right at its point of entry (phishing emails, zero-day exploits, software security bugs, \u2026). In this context, special attention should be paid to administrator and superuser accounts (e.g. database, network and system administrators). Since these types of accounts usually have few but far-reaching permissions, they are a welcome target for attacks.&nbsp;<\/p>\n\n\n\n<p>Another use for PoLP is to prevent data misuse. Of course, you don\u2019t assume that an employee will steal company data. Nevertheless, it is advisable to limit the permissions assigned to an employee to the minimum. Often, employees are offered the option of working from home via VPN, while \u201cdata loss prevention\u201d is forgotten.&nbsp;&nbsp;<br>In this context, former employees should not be ignored. If they still have active access rights, which may have been overlooked during manual offboarding, they also pose a threat to data security.&nbsp;<\/p>\n\n\n\n<p>The IT department often assigns permissions to department heads, for example, so that they can control the permissions to a system or area themselves. In this way, the IT department delegates the control of access rights to the business department and also saves time, since there is one less task to be completed. This is actually a good approach \u2013 but with a flaw.&nbsp;&nbsp;<br>Without the use of an IAM solution in which the PoLP and the approval regulations are implemented, IT is no longer able to track and evaluate all the permissions and access rights assigned to employees. The original time savings are gone by the time of the next internal audit, because the IT department then has to involve every department in order to collect all the reports required for the audit.&nbsp;<\/p>\n\n\n\n<p>By using PoLP in data protection concepts, it is possible to adhere to compliance requirements and optimize internal audits. 
In addition to the guidelines of the GDPR, the requirements of the BSI (Federal Office for Information Security) are also relevant for companies in Germany. In the BSI\u2019s ORP.4 module, it is written that \u201caccess to an institution\u2019s resources worthy of protection must be restricted to authorized users and authorized IT components\u201d. In addition, all authorized user IDs, groups and rights profiles must be fully documented.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained padding-block-pe-full padding-inline-C2G2 padding-inline-M-C0G1\">\n<h2 class=\"wp-block-heading\">Effective Use of PoLP<\/h2>\n\n\n\n<p>The basic prerequisite for effective use of PoLP is the implementation of an identity and access management system (short: IAM system) that offers functionalities for compliant data protection, as well as regulated permission management for all systems used in the company and the infrastructure.&nbsp;The concept must include both an \u201cinventory\u201d of all permissions in the company as well as cleaning up superfluous and incorrect ones and optimizing existing permission structures.&nbsp;<\/p>\n\n\n\n<p>Once this is done, the least privilege principle can be applied by creating permission packages and integrating them into the IAM. Such a package always contains all the necessary permissions for a group of people (e.g. departments) or a task (e.g. system administrator CRM). Thus one has clearly delimited permission levels, which can be assigned to appropriate employees. 
In addition, such packages facilitate the documentation and traceability of assigned permissions.&nbsp;<br>The permission packages described can also be compared well with Role Based Access Control (RBAC).&nbsp;This concept provides for access rights to be assigned not according to individual users, but on the basis of defined roles, which are derived, for example, from the department, function, location and cost center of an employee in the organization.&nbsp;<\/p>\n\n\n\n<p>Modern IAM systems offer the possibility of mapping these permission packages and also distributing them to employees automatically and in an audit-proof manner.&nbsp;In doing so, the system relies on a set of rules that checks an employee\u2019s personal master data or technical accounts regularly or in the event of changes and assigns or withdraws the packages accordingly.&nbsp;&nbsp;<br>In this way, it can be ensured that an employee receives a basic set of rights during onboarding, which are automatically adjusted to the employee in the context of changes and are also completely withdrawn again during offboarding.&nbsp;<\/p>\n\n\n\n<p>In summary, the least privilege principle is a good approach to increasing data security in a company and implementing the legal requirements of the GDPR and the BSI. 
This applies regardless of whether an SME manages the permissions manually using the defined concept or automates them by using an IAM system.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-basics-1-background-color has-background is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-0dfbf163 wp-block-group-is-layout-flex padding-block-pe-full padding-inline-C1G2\">\n<div class=\"wp-block-group is-background has-basics-1-background-color has-background is-layout-flow wp-block-group-is-layout-flow\"><\/div>\n\n\n\n<div class=\"wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-5054138e wp-block-group-is-layout-flex width-C2G0\"><div class=\"wp-block-avatar max-width-150px width-C2G0\"><img alt='Bartosz Grodzicki Avatar' src='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-128x128.png' srcset='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-256x256.png 2x' class='avatar avatar-128 photo wp-block-avatar__image' height='128' width='128' \/><\/div><\/div>\n\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow width-C8G0\">\n<p class=\"has-h-3-font-size\">About the Author<\/p>\n\n\n\n<p>Bartosz Grodzicki is a Senior Consultant at permSECURE. 
He has been designing and supporting IAM projects and helping customers to optimise their user and resource management since 2013.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained padding-block-pe-full padding-inline-C0G1\">\n<p class=\"has-text-align-center has-h-1-font-size padding-bottom-0_5em\">Related Articles<\/p>\n\n\n\n<div class=\"wp-block-query is-layout-flow wp-block-query-is-layout-flow width-C12G1\"><ul class=\"columns-3 wp-block-post-template is-layout-grid wp-container-core-post-template-is-layout-2fc57c17 wp-block-post-template-is-layout-grid display-flex flex-flow-M-column flex-flow-row\"><li class=\"wp-block-post post-3866 post type-post status-publish format-standard has-post-thumbnail hentry category-iam-en tag-iam\">\n\n<div class=\"wp-block-group has-border-color has-full-white-background-color has-background is-layout-flow wp-block-group-is-layout-flow display-flex flex-flow-column margin-bottom-M-C0G1 margin-right-C0G1 overflow-hidden padding-bottom-C0G1 width-C4G0 width-M-C12G0 display-flex flex-flow-M-column flex-flow-row\" style=\"border-color:var(--theme-color-basics-2);border-width:1px;border-radius:7px;\"><figure class=\"wp-block-post-featured-image padding-left-M-C0G1 padding-left-S-C0G0 padding-top-M-C0G1 padding-top-S-C0G0 width-M-C6G0 width-S-C12G0\"><a href=\"https:\/\/permsecure.com\/en\/roles-profiles-how-to-build-them-efficiently\/\" target=\"_self\"  ><img loading=\"lazy\" decoding=\"async\" width=\"2048\" height=\"1142\" src=\"https:\/\/permsecure.com\/wp-content\/uploads\/2025\/06\/NIS2_Richtlinien_Header-1.jpeg\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Roles\/Profiles \u2013 How to build them efficiently?\" style=\"object-fit:cover;\" srcset=\"https:\/\/permsecure.com\/wp-content\/uploads\/2025\/06\/NIS2_Richtlinien_Header-1.jpeg 2048w, 
https:\/\/permsecure.com\/wp-content\/uploads\/2025\/06\/NIS2_Richtlinien_Header-1-300x167.jpeg 300w, https:\/\/permsecure.com\/wp-content\/uploads\/2025\/06\/NIS2_Richtlinien_Header-1-1024x571.jpeg 1024w, https:\/\/permsecure.com\/wp-content\/uploads\/2025\/06\/NIS2_Richtlinien_Header-1-768x428.jpeg 768w, https:\/\/permsecure.com\/wp-content\/uploads\/2025\/06\/NIS2_Richtlinien_Header-1-1536x857.jpeg 1536w\" sizes=\"auto, (max-width: 2048px) 100vw, 2048px\" \/><\/a><\/figure>\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow padding-inline-C0G1 padding-top-1em\"><div class=\"taxonomy-category has-link-color wp-elements-57bb6342f41bb39ba3f65dd8300fffbc wp-block-post-terms has-text-color has-basics-3-color padding-bottom-0_5em pointer-events-none text-decoration-none\"><a href=\"https:\/\/permsecure.com\/en\/wissen\/#category-iam-en\/\" rel=\"tag\">IAM<\/a><\/div>\n\n<h2 class=\"has-link-color wp-elements-211ad1cc0f2e5d4e47476b0f3c1e7f56 wp-block-post-title has-text-color has-basics-6-color has-h-4-font-size\"><a href=\"https:\/\/permsecure.com\/en\/roles-profiles-how-to-build-them-efficiently\/\" target=\"_self\" >Roles\/Profiles \u2013 How to build them efficiently?<\/a><\/h2>\n\n<div class=\"wp-block-post-excerpt padding-bottom-1em\"><p class=\"wp-block-post-excerpt__excerpt\">In central areas of economic life such as energy, IT, transport and water supply, the NIS2 Directive is intended to ensure uniform security standards in the EU and to safeguard the resilience of IT systems both physically and digitally. But what does this mean in concrete terms for the affected companies? 
What obligations do<\/p><p class=\"wp-block-post-excerpt__more-text\"><a class=\"wp-block-post-excerpt__more-link\" href=\"https:\/\/permsecure.com\/en\/roles-profiles-how-to-build-them-efficiently\/\">Show full article<\/a><\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-ad2f72ca wp-block-group-is-layout-flex padding-inline-C0G1\"><div class=\"wp-block-avatar\"><img alt='Thomas Kloos Avatar' src='https:\/\/secure.gravatar.com\/avatar\/23669473f98a5ab45e48fa91eff8246008daaace4d861d46217ef3941f2e0a66?s=50&#038;d=mm&#038;r=g' srcset='https:\/\/secure.gravatar.com\/avatar\/23669473f98a5ab45e48fa91eff8246008daaace4d861d46217ef3941f2e0a66?s=100&#038;d=mm&#038;r=g 2x' class='avatar avatar-50 photo wp-block-avatar__image' height='50' width='50' \/><\/div>\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow padding-left-0_5em\"><div class=\"wp-block-post-date has-copy-s-font-size\"><time datetime=\"2025-06-04T11:55:03+00:00\">04.06.2025<\/time><\/div>\n\n<div class=\"wp-block-post-author-name has-copy-s-font-size\">Thomas Kloos<\/div><\/div>\n<\/div>\n<\/div>\n\n<\/li><li class=\"wp-block-post post-3263 post type-post status-publish format-standard has-post-thumbnail hentry category-iam-en tag-benutzerverwaltung-featured-en tag-iam tag-related_berechtigungsverwaltung_vs_identity-en tag-related_rezertifizierung-en\">\n\n<div class=\"wp-block-group has-border-color has-full-white-background-color has-background is-layout-flow wp-block-group-is-layout-flow display-flex flex-flow-column margin-bottom-M-C0G1 margin-right-C0G1 overflow-hidden padding-bottom-C0G1 width-C4G0 width-M-C12G0 display-flex flex-flow-M-column flex-flow-row\" style=\"border-color:var(--theme-color-basics-2);border-width:1px;border-radius:7px;\"><figure class=\"wp-block-post-featured-image padding-left-M-C0G1 padding-left-S-C0G0 padding-top-M-C0G1 padding-top-S-C0G0 width-M-C6G0 width-S-C12G0\"><a 
href=\"https:\/\/permsecure.com\/en\/rollen-profile-wie-baut-man-sie-effizient-auf\/\" target=\"_self\"  ><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"500\" src=\"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/Rolle_Profile.jpg.webp\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Roles\/Profiles \u2013 How to build them efficiently?\" style=\"object-fit:cover;\" srcset=\"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/Rolle_Profile.jpg.webp 750w, https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/Rolle_Profile.jpg-300x200.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/figure>\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow padding-inline-C0G1 padding-top-1em\"><div class=\"taxonomy-category has-link-color wp-elements-57bb6342f41bb39ba3f65dd8300fffbc wp-block-post-terms has-text-color has-basics-3-color padding-bottom-0_5em pointer-events-none text-decoration-none\"><a href=\"https:\/\/permsecure.com\/en\/wissen\/#category-iam-en\/\" rel=\"tag\">IAM<\/a><\/div>\n\n<h2 class=\"has-link-color wp-elements-211ad1cc0f2e5d4e47476b0f3c1e7f56 wp-block-post-title has-text-color has-basics-6-color has-h-4-font-size\"><a href=\"https:\/\/permsecure.com\/en\/rollen-profile-wie-baut-man-sie-effizient-auf\/\" target=\"_self\" >Roles\/Profiles \u2013 How to build them efficiently?<\/a><\/h2>\n\n<div class=\"wp-block-post-excerpt padding-bottom-1em\"><p class=\"wp-block-post-excerpt__excerpt\">The goal of modern identity and access management systems (IAM systems for short) is not only to manage user management and its processes, but also to distribute and also remove the resources and permissions managed therein efficiently and in line with requirements. 
This is<\/p><p class=\"wp-block-post-excerpt__more-text\"><a class=\"wp-block-post-excerpt__more-link\" href=\"https:\/\/permsecure.com\/en\/rollen-profile-wie-baut-man-sie-effizient-auf\/\">Show full article<\/a><\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-ad2f72ca wp-block-group-is-layout-flex padding-inline-C0G1\"><div class=\"wp-block-avatar\"><img alt='Bartosz Grodzicki Avatar' src='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-50x50.png' srcset='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-100x100.png 2x' class='avatar avatar-50 photo wp-block-avatar__image' height='50' width='50' \/><\/div>\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow padding-left-0_5em\"><div class=\"wp-block-post-date has-copy-s-font-size\"><time datetime=\"2022-06-22T08:41:00+00:00\">22.06.2022<\/time><\/div>\n\n<div class=\"wp-block-post-author-name has-copy-s-font-size\">Bartosz Grodzicki<\/div><\/div>\n<\/div>\n<\/div>\n\n<\/li><li class=\"wp-block-post post-3312 post type-post status-publish format-standard has-post-thumbnail hentry category-iam-en tag-benutzerverwaltung-featured-en tag-iam tag-related_rezertifizierung-en tag-tenfold-featured-en\">\n\n<div class=\"wp-block-group has-border-color has-full-white-background-color has-background is-layout-flow wp-block-group-is-layout-flow display-flex flex-flow-column margin-bottom-M-C0G1 margin-right-C0G1 overflow-hidden padding-bottom-C0G1 width-C4G0 width-M-C12G0 display-flex flex-flow-M-column flex-flow-row\" style=\"border-color:var(--theme-color-basics-2);border-width:1px;border-radius:7px;\"><figure class=\"wp-block-post-featured-image padding-left-M-C0G1 padding-left-S-C0G0 padding-top-M-C0G1 padding-top-S-C0G0 width-M-C6G0 width-S-C12G0\"><a 
href=\"https:\/\/permsecure.com\/en\/permission-management-vs-identity-access-management-what-is-the-difference\/\" target=\"_self\"  ><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"500\" src=\"https:\/\/permsecure.com\/wp-content\/uploads\/2021\/08\/ARMvsIAM.jpg.webp\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Permission Management vs. Identity &amp; Access Management \u2013 What is the difference?\" style=\"object-fit:cover;\" srcset=\"https:\/\/permsecure.com\/wp-content\/uploads\/2021\/08\/ARMvsIAM.jpg.webp 750w, https:\/\/permsecure.com\/wp-content\/uploads\/2021\/08\/ARMvsIAM.jpg-300x200.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/figure>\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow padding-inline-C0G1 padding-top-1em\"><div class=\"taxonomy-category has-link-color wp-elements-57bb6342f41bb39ba3f65dd8300fffbc wp-block-post-terms has-text-color has-basics-3-color padding-bottom-0_5em pointer-events-none text-decoration-none\"><a href=\"https:\/\/permsecure.com\/en\/wissen\/#category-iam-en\/\" rel=\"tag\">IAM<\/a><\/div>\n\n<h2 class=\"has-link-color wp-elements-211ad1cc0f2e5d4e47476b0f3c1e7f56 wp-block-post-title has-text-color has-basics-6-color has-h-4-font-size\"><a href=\"https:\/\/permsecure.com\/en\/permission-management-vs-identity-access-management-what-is-the-difference\/\" target=\"_self\" >Permission Management vs. Identity &amp; Access Management \u2013 What is the difference?<\/a><\/h2>\n\n<div class=\"wp-block-post-excerpt padding-bottom-1em\"><p class=\"wp-block-post-excerpt__excerpt\">Employees in organizations need access to various resources (e.g. groups, applications, systems \u2026) for their tasks. Managing these accesses is a challenge because the requirements are always changing as soon as new applications are added or users require additional access permissions. 
Often, in this<\/p><p class=\"wp-block-post-excerpt__more-text\"><a class=\"wp-block-post-excerpt__more-link\" href=\"https:\/\/permsecure.com\/en\/permission-management-vs-identity-access-management-what-is-the-difference\/\">Show full article<\/a><\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-ad2f72ca wp-block-group-is-layout-flex padding-inline-C0G1\"><div class=\"wp-block-avatar\"><img alt='Bartosz Grodzicki Avatar' src='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-50x50.png' srcset='https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-100x100.png 2x' class='avatar avatar-50 photo wp-block-avatar__image' height='50' width='50' \/><\/div>\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow padding-left-0_5em\"><div class=\"wp-block-post-date has-copy-s-font-size\"><time datetime=\"2021-08-26T11:42:00+00:00\">26.08.2021<\/time><\/div>\n\n<div class=\"wp-block-post-author-name has-copy-s-font-size\">Bartosz Grodzicki<\/div><\/div>\n<\/div>\n<\/div>\n\n<\/li><\/ul><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation of the European Union (EU GDPR) has been in force since May 2018 and presents every company with new and increased data protection requirements.\u00a0\u00a0The processing of personal data, whether from customers, business partners or even the company\u2019s own 
employees,&hellip;<\/p>\n","protected":false},"author":3,"featured_media":2459,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[56,44,45],"class_list":["post-3324","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iam-en","tag-iam","tag-related_berechtigungsverwaltung_vs_identity-en","tag-related_rezertifizierung-en"],"acf":[],"yoast_head_json":{"title":"Principle of Least Privilege (PoLP): Security through limited Access Rights - permSECURE GmbH - development","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/","og_locale":"en_US","og_type":"article","og_title":"Principle of Least Privilege (PoLP): Security through limited Access Rights - permSECURE GmbH - development","og_description":"The General Data Protection Regulation of the European Union (EU GDPR) has been in force since May 2018 and presents every company with new and increased data protection requirements.\u00a0\u00a0The processing of personal data, whether from customers, business partners or even the company\u2019s own employees,&hellip;","og_url":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/","og_site_name":"permSECURE GmbH - development","article_published_time":"2021-06-13T12:17:00+00:00","article_modified_time":"2024-12-18T13:18:37+00:00","og_image":[{"width":750,"height":500,"url":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp","type":"image\/webp"}],"author":"Bartosz Grodzicki","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Bartosz Grodzicki","Est.
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#article","isPartOf":{"@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/"},"author":{"name":"Bartosz Grodzicki","@id":"https:\/\/permsecure.com\/en\/#\/schema\/person\/28a3d9854a23bdb48c516c2de23a446e"},"headline":"Principle of Least Privilege (PoLP): Security through limited Access Rights","datePublished":"2021-06-13T12:17:00+00:00","dateModified":"2024-12-18T13:18:37+00:00","mainEntityOfPage":{"@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/"},"wordCount":1378,"commentCount":0,"publisher":{"@id":"https:\/\/permsecure.com\/en\/#organization"},"image":{"@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#primaryimage"},"thumbnailUrl":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp","keywords":["IAM","related_Berechtigungsverwaltung_vs_Identity","related_Rezertifizierung"],"articleSection":["IAM"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/","url":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/","name":"Principle of Least Privilege (PoLP): Security through limited Access Rights - permSECURE GmbH - 
development","isPartOf":{"@id":"https:\/\/permsecure.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#primaryimage"},"image":{"@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#primaryimage"},"thumbnailUrl":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp","datePublished":"2021-06-13T12:17:00+00:00","dateModified":"2024-12-18T13:18:37+00:00","breadcrumb":{"@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#primaryimage","url":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp","contentUrl":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/PoLP.jpg.webp","width":750,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/permsecure.com\/en\/principle-of-least-privilege-polp-security-through-limited-access-rights\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/permsecure.com\/en\/home\/"},{"@type":"ListItem","position":2,"name":"Principle of Least Privilege (PoLP): Security through limited Access Rights"}]},{"@type":"WebSite","@id":"https:\/\/permsecure.com\/en\/#website","url":"https:\/\/permsecure.com\/en\/","name":"permSECURE GmbH - 
development","description":"","publisher":{"@id":"https:\/\/permsecure.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/permsecure.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/permsecure.com\/en\/#organization","name":"permSECURE GmbH - development","url":"https:\/\/permsecure.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/permsecure.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/10\/PermSecure-Logo.png","contentUrl":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/10\/PermSecure-Logo.png","width":193,"height":206,"caption":"permSECURE GmbH - development"},"image":{"@id":"https:\/\/permsecure.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/permsecure.com\/en\/#\/schema\/person\/28a3d9854a23bdb48c516c2de23a446e","name":"Bartosz Grodzicki","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/permsecure.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-96x96.png","contentUrl":"https:\/\/permsecure.com\/wp-content\/uploads\/2024\/11\/cropped-Bartosz-Grodzicki-circle-portrait-96x96.png","caption":"Bartosz Grodzicki"},"description":"Bartosz Grodzicki is a Senior Consultant at permSECURE.
He has been designing and supporting IAM projects and helping customers to optimise their user and resource management since 2013.","url":"https:\/\/permsecure.com\/en\/author\/bartosz\/"}]}},"_links":{"self":[{"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/posts\/3324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/comments?post=3324"}],"version-history":[{"count":5,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/posts\/3324\/revisions"}],"predecessor-version":[{"id":3667,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/posts\/3324\/revisions\/3667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/media\/2459"}],"wp:attachment":[{"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/media?parent=3324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/categories?post=3324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/permsecure.com\/en\/wp-json\/wp\/v2\/tags?post=3324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}