# Permission model and least privilege

**What is a permission model?**

A permission model defines who may access which data. The principle of least privilege gives every account exactly the rights its job requires.

Networks that have grown over the years show the same findings again and again: accounts of former staff are still active, administrator rights sit on accounts used for daily work, and shares are open to the whole company although they only concern one department.

A permission model only holds up over time with a fixed process for people joining, moving and leaving. Put that process in writing and you can also demonstrate, when reviewed, that access is under control.

## Related terms
- [Zero trust](https://vetosec.at/en/it-security/zero-trust/)
- [Two-factor authentication (2FA)](https://vetosec.at/en/it-security/zwei-faktor-authentifizierung/)
- [IT asset inventory](https://vetosec.at/en/it-security/it-inventar/)

## Source
https://vetosec.at/en/it-security/berechtigungskonzept/ (vetosec, schutz)
