Glossary term
Security
Security principle granting only the minimum permissions needed.
AWS Bedrock Agents enforce least-privilege IAM roles - a customer-service agent is granted read-only access to the order database and write access only to the refund API, with no access to payment processing.
Anthropic's model-deployment guidelines for enterprise agents recommend creating per-agent service accounts with scoped OAuth tokens - a document-retrieval agent gets only read:docs scope, never write:admin.
GitHub Copilot for Business uses SCIM and SSO to ensure agents operate under user-level permissions - if a developer cannot access a private repo, the AI agent cannot either, enforcing least privilege automatically.