Least-privilege authorisation is a security principle where users and devices are granted only the minimum level of access necessary to perform their specific functions. In an operational technology environment, this means a technician might have read-only access to telemetry data but no permission to change engineering configurations. By strictly limiting access rights, organisations can prevent accidental changes and ensure that if a set of credentials is compromised, the potential damage is contained. See our comparison of granular access vs. legacy methods.
For more information, see Industrial Cyber Security Best Practices.
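The following is an added example, not part of the original page: a deny-by-default permission check for the technician scenario above, plus the set of resources a stolen credential could modify and the grants a role never uses. The role names, resource names and access-log sample are constructed assumptions.

```python
from typing import NamedTuple


class Grant(NamedTuple):
    resource: str  # e.g. "telemetry", "engineering_config"
    action: str    # "read" or "write"


# Constructed policy: role and resource names are illustrative assumptions.
POLICY: dict[str, frozenset[Grant]] = {
    "technician": frozenset({Grant("telemetry", "read")}),
    "engineer": frozenset({
        Grant("telemetry", "read"),
        Grant("engineering_config", "read"),
        Grant("engineering_config", "write"),
    }),
}

STATE_CHANGING = {"write"}  # actions that can alter the process or its configuration


def is_allowed(role: str, resource: str, action: str) -> bool:
    """Deny by default: anything not explicitly granted is refused."""
    return Grant(resource, action) in POLICY.get(role, frozenset())


def blast_radius(role: str) -> set[str]:
    """Resources that could be modified if this role's credentials were compromised."""
    return {g.resource for g in POLICY.get(role, frozenset())
            if g.action in STATE_CHANGING}


def excess_grants(role: str, observed: set[Grant]) -> set[Grant]:
    """Grants never exercised in the observed access log: candidates for removal."""
    return set(POLICY.get(role, frozenset())) - observed


if __name__ == "__main__":
    # Constructed access-log sample for the engineer role.
    seen = {Grant("telemetry", "read"), Grant("engineering_config", "read")}
    print(is_allowed("technician", "telemetry", "read"))
    print(is_allowed("technician", "engineering_config", "write"))
    print(blast_radius("technician"), blast_radius("engineer"))
    print(excess_grants("engineer", seen))
```
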
