The Custodian and the Princple of Least Privilege
It can be frustrating, when you suddenly loose permissions to something you have been doing for years only to find out you are now 'not allowed' to do it, and when you ask why you are told about the " Principle of Least Privilege " - utter nonsense? or good information security practice? Simply put, a person should have only sufficient the minimum sufficient access necessary to do his/her job, and no more. Similarly, a software program should only have the minimum access to data necessary to fulfill its function and no more. The principle of least privilege works hand-in-hand with the tenant of separation of duties and the concept of ' Need to Know ' Consider the case of a custodian , let's call him Dave. Dave is responsible for cleaning the classrooms and office's inside a public school system. In order for Dave to do his job successfully, he needs access to all of the classrooms and offices. He likely has a keychain of many keys. (which always s