Sunday 05 July 2026 01:41:02 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Standing Privilege

Persistent elevated access that remains available even when it is not actively needed.

Standing privilege is persistent elevated access that remains available even when it is not actively needed. In practice, it means an account, service identity, or administrator role can perform sensitive actions at any time without requesting temporary approval.

This matters because permanent privilege increases attack impact. If a password, token, or API key is stolen, an attacker can immediately use those rights to move laterally, change configurations, or access data. It also increases accidental risk, since users and automation may perform privileged actions more often than necessary. Defenders reduce standing privilege with just-in-time access, just-enough access, automatic expiry, and strong audit logging. These controls make elevation temporary, so access exists only for a specific task and then disappears, shrinking the blast radius of compromise.

← WIKICROOK index