User access levels control what data and features different users can access within a system. By limiting access to only what each user needs, the risk of misuse or damage from compromised accounts is reduced.
Key points
Definition: User Access Levels are controls that determine what data and features different users can access. E.g. an admin has full access; standard users have limited access.
Users only have access to what they NEED — this is the principle of 'least privilege'.
Reduces the risk of insider threats and accidental changes.
If a low-level account is compromised, the damage is limited because it has restricted access.
Exam Tip: User access levels limit damage from BOTH insider threats AND external breaches of low-level accounts.