During a quarterly audit, a data warehouse administrator discovers that an intern who moved from the marketing team to the risk team still belongs to both the Marketing_Analyst and Risk_Analyst database roles, giving her access to tables she no longer needs. The administrator wants to adjust the organization's role-based access control (RBAC) policy so that users keep only the permissions required for their current duties and nothing more. Which RBAC principle should the administrator emphasize to prevent this kind of permission creep?
The principle of least privilege states that each user should be granted only the minimum permissions necessary to perform their current job functions. If membership in the Marketing_Analyst role had been removed when the intern changed jobs, she would not have retained unneeded access to marketing tables.
Separation of duties focuses on splitting sensitive tasks among different roles to avoid fraud, not on pruning excess permissions. Mandatory access control is a different, highly restrictive model enforced centrally through security labels, and attribute-based access control grants rights dynamically based on attributes rather than predefined roles. Therefore, least privilege is the only principle that directly addresses the problem of users accumulating more privileges than they require.
CompTIA Data+ DA0-002 (V2)
Data Governance