What Are Privileges and How Are They Created?

Privilege, in an information technology context, can be defined as the authority

a given account or process has within a computing system or network.
Privilege provides the authorization to override, or bypass, certain security
restraints, and may include permissions to perform such actions as shutting
down systems, loading device drivers, configuring networks or systems,
provisioning and configuring accounts and cloud instances, etc.

In their book, Privileged Attack Vectors, authors and industry thought leaders
Morey Haber and Brad Hibbert offer the basic definition; “privilege is a special
right or an advantage. It is an elevation above the normal and not a setting or
permission given to the masses.”

Privileges serve an important operational purpose by enabling users,

applications, and other system processes elevated rights to access certain
resources and complete work-related tasks. At the same time, the potential for
misuse or abuse of privilege by insiders or outside attackers presents
organizations with a formidable security risk.

Privileges for various user accounts and processes are built into operating
systems, file systems, applications, databases, hypervisors, cloud
management platforms, etc. Privileges can be also assigned by certain types
of privileged users, such as by a system or network administrator.

Depending on the system, some privilege assignment, or delegation, to

people may be based on attributes that are role-based, such as business unit,
(e.g., marketing, HR, or IT) as well as a variety of other parameters (e.g.,
seniority, time of day, special circumstance, etc.).