Discuss/Define: Ensure Least Privileged Access

[jischr]

topics to cover:

• ensure end users only have access to what they need in my application at any given point in time

[dhs-BI]

@jischr how would we profile this? Enforcing least privilege is a pattern, but I don't see a clear path to standardization of the pattern since it depends heavily on the business rules being enforced.

Does this require an implementer to be able to implement and enforce a zero standing privileges model?