To restrict a legitimate user’s access to only those programs and files needed, organizations establish user access rights: allowable actions that can be assigned to a user or to groups of users. File and directory permissions are rules that are associated with a particular file or directory, regulating which users can access it — and the extent of their access rights. To avoid unintentionally giving a user unnecessary access to sensitive files and directories, an organization must give careful consideration to its assignment of rights and permissions.
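One practical way to check that file and directory permissions have not drifted beyond what users need is a periodic audit of the permission bits themselves. The following script is an added example written for this page, not code from the report or from NIST; it builds a small constructed directory tree under a temporary path, then walks it and flags three patterns that commonly grant unnecessary access on POSIX systems: world-writable files or directories (a sticky-bit directory such as /tmp is accepted), setuid/setgid executables, and files the caller names as sensitive that are readable by group or others. The list of sensitive file names and the three rules are assumptions chosen for illustration; a real audit would take them from the organization's own access-rights policy.

```python
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str    # path relative to the audited root
    mode: str    # symbolic mode, e.g. "-rw-rw-rw-"
    reason: str  # which rule the entry violated


def audit_permissions(root: str, sensitive_names: frozenset = frozenset()) -> list:
    """Walk `root` and return a Finding for every entry whose permission bits
    grant broader access than the illustrative least-privilege rules allow.
    POSIX mode bits are assumed; on Windows os.chmod only tracks read-only."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not meaningful; audit the target instead
            mode = st.st_mode
            rel = os.path.relpath(full, root)
            sym = stat.filemode(mode)
            is_dir = stat.S_ISDIR(mode)
            # Rule 1: world-writable, unless it is a sticky directory (the /tmp pattern,
            # where users can create files but not remove each other's).
            if mode & stat.S_IWOTH and not (is_dir and mode & stat.S_ISVTX):
                findings.append(Finding(rel, sym, "world-writable"))
            # Rule 2: setuid/setgid executables run with elevated rights for any caller.
            if not is_dir and mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(Finding(rel, sym, "setuid/setgid executable"))
            # Rule 3: files the policy labels sensitive must be owner-only readable.
            if name in sensitive_names and mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append(Finding(rel, sym, "sensitive file readable by group or others"))
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree() -> str:
    """Create a constructed sample tree with a mix of sound and over-broad
    permissions and return its root. Modes are set explicitly so the result
    does not depend on the process umask."""
    root = tempfile.mkdtemp(prefix="perm_audit_")
    layout = {
        # (relative path, is_dir, mode)
        "app": (True, 0o750),
        "app/config.ini": (False, 0o600),    # sound: owner-only
        "app/secrets.env": (False, 0o644),   # over-broad: sensitive but group/world readable
        "shared": (True, 0o777),             # over-broad: world-writable, no sticky bit
        "shared/notes.txt": (False, 0o666),  # over-broad: world-writable file
        "scratch": (True, 0o1777),           # accepted: sticky world-writable directory
        "bin": (True, 0o755),
        "bin/helper": (False, 0o4755),       # over-broad: setuid executable
    }
    # Create entries first, then apply modes, so a restrictive directory mode
    # never blocks creation of its own children.
    for rel, (is_dir, _) in layout.items():
        full = os.path.join(root, rel)
        if is_dir:
            os.makedirs(full, exist_ok=True)
        else:
            with open(full, "w") as fh:
                fh.write("constructed sample content\n")
    for rel, (_, mode) in layout.items():
        os.chmod(os.path.join(root, rel), mode)
    return root


def audit_sample() -> list:
    """Build the sample tree and audit it with 'secrets.env' declared sensitive."""
    return audit_permissions(build_sample_tree(), frozenset({"secrets.env"}))


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f.mode}  {f.path}: {f.reason}")
```

The audit reports four findings for the sample tree (the secrets file, the shared directory, the notes file, and the setuid helper) and stays silent on the owner-only config file and the sticky scratch directory. Running such a check from a scheduled job and diffing the result against a previous run turns the report's "careful consideration" of rights and permissions into a repeatable control rather than a one-time review.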
NIST guidance states that access to information systems should be allowed only for authorized users and only for the tasks necessary to accomplish the work, in accordance with the organization’s missions and business functions. In addition, NIST guidance states that agency information systems should separate user functionality from functions necessary to administer databases, network components, workstations, or servers.