What describes the principle of least privilege in access control?

Giving users the minimum level of access they need to perform their tasks is the concept being tested. The principle of least privilege means each user, process, or system component gets only the permissions necessary to do its job, nothing more. This reduces the chance of mistakes or malicious actions causing damage, and it limits what an attacker can do if credentials are compromised, while also supporting accountability because actions are constrained to authorized capabilities. In practice, you assign narrow roles, enforce separation of duties, and use mechanisms like role-based access control or just-in-time elevation for temporary needs. The other options undermine security: full access for everyone creates widespread risk, random access lacks governance and auditability, and public access exposes sensitive data.