Description: An information security concept A user or entity should only have access to the specific data, resources and applications needed to complete a required task.