Principle of Least Privilege
Whenever possible, a system should grant each user only the access capabilities that their role or job actually requires.
- For instance, a teacher does not need access to the internal data of the school's human resources system in order to do their job, so the system should not grant it.
This rule is called the Principle of Least Privilege. Its purpose is to limit the damage that a user, or a process acting on the user's behalf, can do to sensitive data, whether by mistake, misuse, or deliberate abuse: a compromised or careless teacher account cannot leak HR records it was never able to read.
Systems that define such 'scopes' of access usually also provide a way to request a temporary elevation of privileges when a task genuinely needs more than the default scope allows.
- Example: A regular Linux user cannot install system-wide packages, because that requires root. To do so they must elevate their privileges, typically by prefixing the single command with sudo, which runs just that command as root and records the request in the system log, or by calling su ('substitute user'), which opens a full root shell that keeps root's capabilities until it is exited. The sudo route is the one that fits least privilege: the elevation is scoped to one command, and the sudoers configuration can restrict which commands a given user is allowed to elevate at all.
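The following is an added example, not part of the original note, showing least privilege applied to the elevation step itself. It assumes a Debian-style host with apt-get and a /etc/sudoers.d drop-in directory; the user name alice and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: least-privilege elevation on Linux. Assumes a Debian-style
# host with apt-get and a sudoers.d drop-in directory; "alice" is a made-up user.

# True (exit 0) when the calling process already has root's effective uid.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Command a user types to install packages: only prefix with sudo when the
# caller is not already root, so the elevation is requested per command and
# recorded by sudo, instead of staying inside a root shell opened with su.
install_cmd() {
    if is_root; then
        printf '%s\n' "apt-get install -y $*"
    else
        printf '%s\n' "sudo apt-get install -y $*"
    fi
}

# sudoers rule that applies least privilege to the elevation itself: the user
# may run exactly one command (package installation) as root, nothing else.
sudoers_rule() {
    printf '%s ALL=(root) /usr/bin/apt-get install *\n' "$1"
}

# Reject rules that hand out unrestricted root; such a rule is equivalent to
# giving the user the root password and defeats the point of scoping access.
rule_is_least_privilege() {
    case "$1" in
        *'ALL=(ALL) ALL'*|*'ALL=(ALL:ALL) ALL'*|*'NOPASSWD: ALL'*) return 1 ;;
        *) return 0 ;;
    esac
}

# Install the rule as a drop-in file (directory overridable with $2 for
# testing). sudo ignores drop-ins with a '.' in the name and expects mode
# 0440, so the file name and chmod matter. Prints the path on success.
install_rule() {
    user="$1"
    dir="${2:-/etc/sudoers.d}"
    rule="$(sudoers_rule "$user")"
    rule_is_least_privilege "$rule" || return 1
    file="$dir/90-${user}-install"
    printf '%s\n' "$rule" > "$file" || return 1
    chmod 0440 "$file" || return 1
    printf '%s\n' "$file"
}
```

On a real host, check the drop-in with visudo -cf /etc/sudoers.d/90-alice-install before relying on it, and run sudo -l as alice to confirm that package installation is the only command she can elevate.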