Skip to main content

061: Define policy & use least privileged roles

Overview

For new privileged roles request, assign the least privileged role. This effort should consist of several steps:

  • Define a written organizational policy regarding least privilege roles
  • Analyze role usage in the organization to understand what tasks are regularly performed and which roles best align to those tasks
  • Update business processes to ensure that least privilege roles are given out when role assignments are performed

Reference