In access control for mission-critical systems, what does least privilege mean?

• A. Privileges are granted after a fixed schedule
• B. All users have admin rights
• C. Users can request any permission at any time
• D. Users are granted only the minimum rights needed to perform their tasks

Answer: (D)

Least privilege means granting users the minimum set of rights needed to perform their role, and nothing extra. In mission-critical systems, this minimizes risk: if credentials are compromised or a mistake is made, the attacker or error can’t reach sensitive functions or data beyond what the user actually requires. It also supports better accountability and easier auditing, since actions come from tightly defined roles. The other options don’t fit this idea: granting rights on a fixed schedule still risks over-access during certain times; giving all users admin rights removes the protective boundary altogether; allowing any permission request at any time can lead to privilege creep. By enforcing least privilege, you keep access tightly aligned with actual duties and reduce potential impact.