To ensure least privilege for privileged user IDs, what should be verified?


Multiple Choice

To ensure least privilege for privileged user IDs, what should be verified?

Explanation:
Least privilege means giving privileged users only the access their job requires and nothing more. To verify this for privileged IDs, check that every privilege is necessary for the user’s duties and limited to the minimum needed to perform those tasks. This aligns with documented roles, supports separation of duties, and is enforced by controls like role-based access and privileged access management, plus regular reviews, especially when roles change. This is the best approach because it directly states that privileges must be both necessary for the function and restricted to the least necessary level. The alternatives fall short: granting privileges to all admin users broadens access beyond what any single administrator needs; privileges should adapt to role changes; and not reviewing after assignment leaves outdated or excessive access.

