Definition
- A fine-tuned access control strategy ensuring that users only get the specific permissions they need for a given task
- Often implemented alongside RBAC (role-based access control) or ABAC (attribute based access control)
Example
A database administrator can run queries but cannot modify security settings or access customer PII unless explicitly needed
See also JIT (Just-in-time) principle