Which statement best defines least privilege in access control?

Least privilege means giving users only the minimum access rights they need to do their jobs. This limits what a user can see or do, so if a password is compromised or a mistake is made, the potential damage is contained to just what’s necessary for their tasks. It also makes monitoring and enforcing accountability easier, and supports separating duties so no single user has excessive power.

In practice, you assign specific roles with narrowly defined permissions, grant elevated access only when required and for a limited time, and regularly review and adjust permissions as roles evolve. The other ideas would either expose more data than needed, make it hard to track who did what, or remove visibility entirely, which increases security risk.