A credential leaks. With an over-permissive role the attacker's reach spreads across every resource; with least privilege the damage is contained to one box. Smaller privilege, smaller blast radius.
The analytics service's credential is about to leak. Choose how much access its role has, then leak it and watch the blast radius.
Analytics service: holds a credential
Resources: Patient DB, Payments, User admin, Audit logs, Reports (read-only), System config
What just happened
Least privilege means every user, service and credential gets only the permissions it actually needs, nothing more. The analytics service needs read-only reporting data, not access to payments or patient records.
Credentials WILL leak eventually (a logged token, a committed key, a compromised box). The only question is how much an attacker can reach with one. That reach is the blast radius.
Over-permissive roles turn one leaked credential into a full breach; least-privilege roles contain it to a single, low-value resource. Scope every workload's permissions and the damage of any one leak stays small.
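The comparison above can be run as a role audit. The following is an added example, not code from the original page: it computes the blast radius of three constructed roles over the page's six resources and lists the grants that exceed what the analytics service needs. The action names, role definitions and function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# The six resources from the page; the action names are assumed for this example.
RESOURCES = {
    "patient-db": ["read", "write"],
    "payments": ["read", "write"],
    "user-admin": ["read", "write"],
    "audit-logs": ["read", "write"],
    "reports": ["read"],
    "system-config": ["read", "write"],
}

# Constructed roles: each is a list of (action pattern, resource pattern) allows.
OVER_PERMISSIVE = [("*", "*")]
READ_ALL = [("read", "*")]            # "read-only" but still scoped to everything
LEAST_PRIVILEGE = [("read", "reports")]

# What the analytics service needs according to the page: read-only reporting data.
NEEDED = {("read", "reports")}

def allowed(role, action, resource):
    """Default deny: a request passes only if some allow statement matches it."""
    return any(fnmatchcase(action, a) and fnmatchcase(resource, r) for a, r in role)

def blast_radius(role):
    """Every (action, resource) pair usable by whoever holds this role's credential."""
    return {(act, res) for res, acts in RESOURCES.items()
            for act in acts if allowed(role, act, res)}

def exposed_resources(role):
    """Resources reachable in any way with the leaked credential."""
    return sorted({res for _, res in blast_radius(role)})

def excess(role, needed=NEEDED):
    """Grants beyond the workload's stated need: candidates for removal."""
    return blast_radius(role) - needed

if __name__ == "__main__":
    roles = [("over-permissive", OVER_PERMISSIVE), ("read-all", READ_ALL),
             ("least-privilege", LEAST_PRIVILEGE)]
    for name, role in roles:
        hit = exposed_resources(role)
        print(f"{name}: {len(hit)} / {len(RESOURCES)} resources exposed: {hit}")
        print(f"  grants beyond need: {sorted(excess(role))}")
```

The read-all role shows that restricting actions without restricting resources still exposes all six resources to a leaked credential.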