Protecting Data with the Principle of Least Privilege

Zero Trust takes a least privilege approach — only granting users, devices, applications, and systems the minimum privilege level they need to do their job. [Adobe Stock]

Traditional network security is no longer a viable solution to stay ahead of today's threats. Implementing the principle of least privilege can help protect your valuable data.

Laura Pelkey

May 10, 2023 4 min read

Throughout the last few decades, cybersecurity best practices have gone through many iterations. With the evolution of supply chain threats and bad actors, traditional network security (e.g., perimeter defense, trusted networks) is no longer a viable solution. Instead, organizations are adopting a Zero Trust security strategy. This is built on the principle of least privilege (PLP) to protect valuable data.

Zero Trust and the Principle of Least Privilege

Think about it like your house. A traditional perimeter defense means if someone has the key or alarm code, they can enter your home and have access to your kitchen pantry and bathroom cabinet. Using a Zero Trust framework means the key or alarm code only gets you in the front door; you’ll need to continuously prove your identity to gain access to individual rooms and cabinets. So what does that mean for information security?

Zero Trust takes a least privilege approach — only granting users, devices, applications, and systems the minimum privilege level they need to do their job. A user only has access to specific things (applications, services, etc.) through a predefined pathway, thus preventing a hacker from doing a lot of damage in the event they are even able to gain access to the network.

Secure your business for tomorrow

A Zero Trust strategy is the next evolution of how we’re moving our trust-first culture forward for our customers and ourselves. Check out the Salesforce Zero Trust eBook to learn how to secure your business for tomorrow.

Read the Zero Trust eBook

Applying the Principle of Least Privilege to your Salesforce Org

A Salesforce Org is home to a plethora of valuable customer and user data. Protecting that data is the #1 priority. When it comes to protecting data from inside the org, one of the biggest challenges is understanding the type of information each user needs access to. This is where the PLP — a fundamental tenet of information security — can be very helpful. Following this principle means that users should have the least number of permissions necessary to do their job. Limiting users’ permissions prevents unauthorized access to sensitive records and information. Ultimately, following the principle of least privilege can significantly reduce the amount of security risk an organization faces.

The same principles can also be applied to limiting access within a Salesforce Org. Salesforce administrators have the ability to apply the PLP to their users by configuring Permissions Sets to grant minimal access. However, it’s easy to accidentally over-grant permissions and common to inherit an org with over-privileged users. We recently announced the end of life (EOL) of permissions on profiles to help admins manage users with the PLP in mind — which will go live in the Spring ’26 release.

There are a couple things admins can do to prepare for this change:

Conduct a privilege audit by reviewing all existing accounts and permissions to ensure there is no privilege creep
Assign Salesforce’s least privilege profile (the Minimum Access User Profile) to users. Layer on permissions using Permission Sets and Permission Set Groups according to the access required.

Setting yourself up for success

Whether you’re new to Salesforce or you just finished conducting an audit to get a better understanding of what permissions your users currently have, here are some questions to ask yourself when assigning user permissions moving forward:

Does this user absolutely require this/this level of permission to do their job?
Can I further limit or reduce permissions in any way?
Can I further restrict the permissions by time/session?
Will they still be able to do their job if it’s further limited?

Remember that according to the PLP, a user should be able to perform their regular job functions, but not have any additional or unnecessary privileges. Learn more about how end of life (EOL) of permissions on profiles will help limit user privileges in Salesforce, and stay tuned for more information on how to prepare for that release update.

Security best practices

Learn the tips

Additional Resources

Check out the resources below to learn more about the principle of least privilege.

Learn About Data Visibility and Access with the Updated Who Sees What Video Series (Admin Blog)
The Future of User Management (Admin Blog)
How to Implement the Principle of Least Privilege in Salesforce (Architect Blog)
How to Build a User Security Model (Architect Blog)

Unlock New Certifications

Continue your learning on Trailhead to learn even more about the principle of least privilege.

Data Security Trailhead: Learn how to control access using point-and-click security tools.
Permission Set Groups Trailhead: Learn how permission set groups can make your job easier and help you to enforce assignments based on least privilege.
User Access Specialist Trailhead: Learn how to lock record access, build effective sharing solutions, and troubleshoot user access issues.

Image of a group of people putting their hands together / shared responsibility model

Security as a Shared Responsibility Between Provider and Customer

3 min read

Customer Preferences in Salesforce Platform and Salesforce Privacy Center

5 min read

Laura Pelkey Senior Manager, Security Customer Engagement

Laura engages with customers, partners and the security industry to drive awareness and adoption of security best practices. She has worked in the security industry for more than 10 years and is extremely passionate about helping people keep their valuable PII and data secure. Currently, Laura runs Read More

More by Laura