Least privilege and need to know

Least privilege and need to know describes the fact that authorized users should be granted the minimum amount of access and authorization during their jobs. Need to know means that the user must have a legitimate reason to access information.