Principle of Least Privilege - CI/CD Glossary Definition
The principle of least privilege states that an identity should be granted only the minimum permissions needed to do its job, and no more, to limit the damage from a compromise.
Applying it
Grant narrow scopes, prefer read-only where possible, and remove permissions when a task no longer needs them. Audit grants periodically.
In CI/CD
Set GitHub Actions permissions: to the least needed (for example contents: read), and scope cloud trust policies to a specific repository and branch.
Related guides
Role-Based Access Control (RBAC) - CI/CD Glossary DefinitionRole-Based Access Control (RBAC): Role-based access control grants permissions to roles rather than directly…
Scope - CI/CD Glossary DefinitionScope: A scope is a named permission attached to an OAuth token that limits what actions the token may perfor…
Authorization - CI/CD Glossary DefinitionAuthorization: Authorization is deciding whether an already-authenticated identity is permitted to perform a…