We often overlook the difference between permission and privilege. They underlie two standard principles of a secure IT environment: need-to-know and least privilege.
The need-to-know principle focuses on permission. It allows specific access to objects: for example, you are allowed to read the time on a wall clock, but you cannot change the time.
The least privilege principle focuses on privilege. Privilege is a combination of permission and the right to take action: you have the freedom not only to read the time but also to change it.