Page 140 - CISSO_Prep_ Guide
Authorization
Once a user has been authenticated as a legitimate user, the next step is to assign them the proper level of access to the system. Authorization is based on the principles of "least privilege" and "need to know," and uses access control processes such as separation of duties, dual control, temporal access, and mutual exclusivity to ensure that a user has only the appropriate level of access to the assets of the organization.
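The following is an added example, not code from the CISSO guide, showing how the controls just listed (least privilege and need to know, mutual exclusivity, temporal access, separation of duties, dual control) turn into a single default-deny authorization check. The roles, users, invoice identifiers, business-hours window and the small action history are all constructed sample data.

```python
"""Added example (not from the CISSO guide): a default-deny authorization
check that applies the controls named in the section. All roles, users,
objects, time windows and history below are constructed sample data."""
from dataclasses import dataclass, field
from datetime import time

# Need to know / least privilege: each role gets only the (resource, action)
# pairs it requires and nothing else.
ROLE_GRANTS = {
    "payments_clerk":   {("invoice", "create"), ("invoice", "read")},
    "payments_manager": {("invoice", "read"), ("invoice", "approve")},
    "auditor":          {("invoice", "read"), ("audit_log", "read")},
}
# Mutual exclusivity: role combinations one identity may never hold at once.
MUTUALLY_EXCLUSIVE = [{"payments_clerk", "payments_manager"}]
# Temporal access: roles usable only inside a time window (constructed, UTC).
TEMPORAL_WINDOWS = {"payments_clerk": (time(8, 0), time(18, 0))}
# Separation of duties: action pairs one identity may not both perform on the same object.
SOD_PAIRS = [(("invoice", "create"), ("invoice", "approve"))]
# Dual control: actions that need a second, independently authorized person.
DUAL_CONTROL = {("invoice", "approve")}
# Constructed stand-in for an audit log: (object_id, resource, action) -> actor.
ACTION_HISTORY = {("inv-1001", "invoice", "create"): "alice"}


@dataclass
class Request:
    user: str
    roles: set
    resource: str
    action: str
    object_id: str
    when: time
    approvers: dict = field(default_factory=dict)  # second person -> their roles


def roles_granting(roles, key):
    """Roles in `roles` that explicitly grant the (resource, action) pair `key`."""
    return {r for r in roles if key in ROLE_GRANTS.get(r, set())}


def authorize(req: Request) -> tuple:
    """Return (allowed, reason). Every control must pass; anything else is denied."""
    key = (req.resource, req.action)
    # Mutual exclusivity: reject an identity whose role set is itself a conflict.
    for pair in MUTUALLY_EXCLUSIVE:
        if pair <= req.roles:
            return False, "user holds mutually exclusive roles"
    # Need to know: some role must grant this exact action on this resource.
    granting = roles_granting(req.roles, key)
    if not granting:
        return False, "no role grants this action (need to know)"
    # Temporal access: at least one granting role must be inside its window.
    in_window = set()
    for r in granting:
        start, end = TEMPORAL_WINDOWS.get(r, (time.min, time.max))
        if start <= req.when <= end:
            in_window.add(r)
    if not in_window:
        return False, "outside permitted hours (temporal access)"
    # Separation of duties: the same person may not do both halves of a conflicting pair.
    for a, b in SOD_PAIRS:
        other = b if key == a else a if key == b else None
        if other and ACTION_HISTORY.get((req.object_id,) + other) == req.user:
            return False, "same user performed the conflicting action (separation of duties)"
    # Dual control: a distinct second person who is also authorized must concur.
    if key in DUAL_CONTROL:
        second = [u for u, rs in req.approvers.items()
                  if u != req.user and roles_granting(rs, key)]
        if not second:
            return False, "second authorized approver required (dual control)"
    return True, "allowed"


def sample_decisions() -> dict:
    """Constructed requests exercising each control; returns name -> (allowed, reason)."""
    mgr = {"carol": {"payments_manager"}}
    return {
        "clerk_creates_in_hours": authorize(Request("alice", {"payments_clerk"}, "invoice", "create", "inv-2000", time(10, 0))),
        "clerk_creates_at_night": authorize(Request("alice", {"payments_clerk"}, "invoice", "create", "inv-2000", time(20, 0))),
        "manager_approves_with_second": authorize(Request("bob", {"payments_manager"}, "invoice", "approve", "inv-1001", time(10, 0), mgr)),
        "manager_approves_alone": authorize(Request("bob", {"payments_manager"}, "invoice", "approve", "inv-1001", time(10, 0))),
        "creator_approves_own": authorize(Request("alice", {"payments_manager"}, "invoice", "approve", "inv-1001", time(10, 0), mgr)),
        "conflicting_roles": authorize(Request("alice", {"payments_clerk", "payments_manager"}, "invoice", "approve", "inv-1001", time(10, 0), mgr)),
        "auditor_approves": authorize(Request("dave", {"auditor"}, "invoice", "approve", "inv-1001", time(10, 0), mgr)),
    }


if __name__ == "__main__":
    for name, (ok, why) in sample_decisions().items():
        print(f"{name:30s} {'ALLOW' if ok else 'DENY ':5s} {why}")
```

The check order matters in practice: cheap, identity-level conditions (mutual exclusivity, need to know) fail first, and the expensive or stateful ones (history lookup for separation of duties, approver verification for dual control) run only for requests that have already earned a grant. Each denial carries its reason so the decision can be logged and audited.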
Need to Know
Need to know is the principle of granting an entity access only to the information it requires and hiding any other