# What is least-privilege authorisation in operational technology?

Least-privilege authorisation is a security principle where users and devices are granted only the minimum level of access necessary to perform their specific functions. In an operational technology environment, this means a technician might have read-only access to telemetry data but no permission to change engineering configurations. By strictly limiting access rights, organisations can prevent accidental changes and ensure that if a set of credentials is compromised, the potential damage is contained. See our [comparison of granular access vs. legacy methods](https://www.agilicus.com/compare/port-forwarding/).

For more information, see [Industrial Cyber Security Best Practices](https://www.agilicus.com/white-papers/industrial-cyber-security-best-practices/).