Skip to content
Discuss access control principle and security principle used for access control.
Access Control Principles:
- Principle of Least Privilege:
- Idea: Don’t give more access than necessary.
- Example: If you haven’t been specifically allowed to access something, you shouldn’t be able to by default.
- Separation of Duties:
- Idea: Divide responsibilities to prevent misuse.
- Example: Make sure one person doesn’t have too much power; split tasks to reduce the risk of unauthorized changes.
- Need to Know:
- Idea: Give access only for necessary tasks.
- Example: You should only have access to the information needed for your job, nothing more.
Security Principles for Access Control:
- Identification:
- Idea: Make sure you know who is trying to access.
- Example: Use a username or an account number to claim who you are.
- Authentication:
- Idea: Prove that you are who you claim to be.
- Example: Enter a password, passphrase, or PIN to confirm your identity.
- Authorization:
- Idea: Control what someone can do once identified.
- Example: Even if you’ve proven who you are (authentication), you may not be allowed to delete a specific file unless authorized.
- Non-repudiation:
- Idea: Ensure that actions cannot be denied.
- Example: If you signed a document or sent a message, you shouldn’t be able to later deny that it was you who did it.