> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/pam/concepts/least-privilege.md). # Least privilege The principle of **least privilege** (PoLP) is a foundational security concept requiring that users, applications, and systems be granted only the minimum access necessary to perform their duties. This limits the potential impact of compromised accounts or software vulnerabilities, helping organizations control risk exposure and protect sensitive resources. In practice, least privilege can be enhanced with [just-in-time (JIT) elevation](https://docs.devolutions.net/pam/concepts/jit-elevation/), which provides temporary, time-bound access to [privileged accounts](https://docs.devolutions.net/pam/concepts/privileged-account/) or systems only when needed. This reduces standing privileges and simplifies auditing. Least privilege differs from [zero-standing privilege (ZSP)](https://docs.devolutions.net/pam/concepts/zero-standing-privileges/), which seeks to eliminate all persistent privileged access entirely, relying solely on JIT access. While both approaches reduce exposure, least privilege often includes static but limited access rights, whereas ZSP aims for a complete absence of baseline privileges. Devolutions PAM supports least privilege by allowing role-based access controls, session approvals, and time-limited credential use, aligning with best practices for secure access. #### Least privilege aliases * PoLP * Principle of least privilege * Minimal access rights #### Related topics * [Permissions/RBAC/Roles](https://docs.devolutions.net/rdm/concepts/advanced-concepts/permissions-rbac-roles/) * [External PAM integrations](https://docs.devolutions.net/rdm/concepts/advanced-concepts/external-pam-integrations/) * [Least privileges for Active Directory](https://docs.devolutions.net/pam/kb/how-to-articles/least-permission-jit-group-elevation/) #### See also * [Zero standing privilege](https://docs.devolutions.net/pam/concepts/zero-standing-privileges/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/pam/concepts/least-privilege.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.