Ministry of Education New Zealand

What least privilege is

Under the principle of least privilege, access is tailored to each person’s requirements: everyone gets the minimum level of access needed to do their job. For example:

  • Students should only be able to access their own work. They should not be able to access other students’ work or the teacher's folders.
  • Administrative staff may need access to the finance system, but not the Student Management System (SMS).
  • Teachers need to be able to access the SMS, their own folders, and perhaps other folders to support their colleagues, but they don't need access to the financial system.

It needs to be consistently applied to all users and across all your systems.

Why least privilege is important

Least privilege reduces the risk of accidental or intentional misuse of information. It can:

  • Limit a cyber criminal’s ability to access information or further systems if they gain access.
  • Prevent someone from accidentally deleting or making changes to the system.
  • Protect users from accidentally breaching the Privacy Act 2020 by having access to sensitive information they shouldn’t.

Privacy Act 2020 – New Zealand Legislation

How to set up least privilege

Here are some quick and easy ways to implement least privilege:

  • only assign access to files and systems that staff need for their job, for example, not having access to staff payroll information if you do not need it
  • only provide admin access to people who need it for their job, for example, your information technology (IT) lead
  • for staff who need admin access, create a separate account from their everyday account, and make sure it has a secure password and 2-factor authentication (2FA) enabled
  • regularly review the access staff have and remove access they no longer need
  • have a process for removing access for staff and students once they’ve left the school.

Separate accounts for everyday usage and administrator tasks

Administrator accounts pose a greater risk if they are compromised, because a cyber criminal who gains access to one can do more damage to your systems. IT leads should have separate accounts for everyday use and administrator tasks.

Everyday tasks include:

  • sending emails
  • browsing the internet.

Administrator tasks include:

  • managing users
  • changing configurations
  • managing backups
  • creating and deleting resources.

You can differentiate the accounts by name. For example:

All administrator accounts must have 2FA enabled.
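As an added example (not part of the Ministry's guidance), here is a small Python access-review script that checks a constructed account list against the rules above: admin accounts have 2FA, every admin also has a separate everyday account, leavers' accounts are removed, and students can only reach their own folder. The account names, people, dates and folder paths are invented.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data; the account names and people are invented for this example.
@dataclass
class Account:
    name: str                      # login name, e.g. "jsmith" or "jsmith-admin"
    person: str                    # the real person behind the account
    role: str                      # "student", "staff" or "admin"
    mfa_enabled: bool
    left_on: Optional[date] = None # set once the person has left the school

def review_accounts(accounts, today):
    """Return (account, finding) pairs for anything that breaks the rules above:
    admins must use 2FA, admins need a separate everyday account, and leavers lose access."""
    findings = []
    for a in accounts:
        if a.role == "admin" and not a.mfa_enabled:
            findings.append((a.name, "admin account without 2FA"))
        if a.left_on is not None and a.left_on <= today:
            findings.append((a.name, "person has left but account is still active"))
    # An admin with no second, everyday account is reading email and browsing as admin.
    admins = {a.person for a in accounts if a.role == "admin"}
    everyday = {a.person for a in accounts if a.role != "admin"}
    for person in sorted(admins - everyday):
        findings.append((person, "admin with no separate everyday account"))
    return findings

def review_student_folders(grants, accounts):
    """grants: (folder path, account name). Students may only access their own folder."""
    role_of = {a.name: a.role for a in accounts}
    findings = []
    for folder, who in grants:
        if role_of.get(who) == "student" and folder != f"students/{who}":
            findings.append((who, f"student can access {folder}"))
    return findings

ACCOUNTS = [
    Account("amy", "Amy", "student", False),
    Account("ben", "Ben", "student", False),
    Account("jsmith", "J. Smith", "staff", True),
    Account("jsmith-admin", "J. Smith", "admin", True),   # separate admin account, 2FA on
    Account("itlead-admin", "IT Lead", "admin", False),   # admin-only login, no 2FA
    Account("pjones", "P. Jones", "staff", True, left_on=date(2024, 1, 31)),
]
GRANTS = [("students/amy", "amy"), ("students/ben", "amy"), ("teachers/jsmith", "ben")]
REVIEW_DATE = date(2024, 3, 1)  # constructed date of the access review

if __name__ == "__main__":
    for item in review_accounts(ACCOUNTS, REVIEW_DATE) + review_student_folders(GRANTS, ACCOUNTS):
        print(*item, sep=": ")
```

Run it on a real export of your accounts and folder permissions to produce the review list that the "regularly review the access staff have" step above calls for.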

How to technically set up least privilege

If you are an IT lead or provider, see our guidance on how to technically implement least privilege at your school.
