---
title: "Principle of Least Privilege"
type: concept
tags: [Security, IAM, Best-Practice]
date: 2026-04-19
---

## Definition
The principle of least privilege is a security best practice: grant only the minimum permissions required to complete a task.

## Core Concept
> "We only want to allow the access that is strictly required."

Granting only the minimum permissions needed to complete a task reduces the risk of privilege abuse and data leakage.

## Implementation
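- Start from an empty policy and add the required permissions step by step
- Review and adjust permissions regularly
- Use resource-level restrictions that target specific resources instead of granting broad permissions
- Avoid wildcards (`*`)
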
## Related Concepts
- [[IAM-策略|IAM Policy]]: the object to which least privilege is applied
- [[IAM-用户|IAM User]]: an entity whose access needs to be managed under least privilege

## Role in Cloud Security
- Reduces the scope of impact of a data breach
- Limits insider threats
- Meets compliance requirements (PCI-DSS, HIPAA, GDPR)

## Connections
- [[最小权限原则|Principle of Least Privilege]] ← guides ← [[IAM-策略|IAM Policy]]