Another practice in physical world is adopted in cyber world – least privilge principle.
However, we must bear in mind that privileges could be elevated or circumvented due to system weakness or unmanaged vulnerabilities. Therefore, regular assessment for assurance is required to validate if controls are still effective.