Security is and should be outcome-oriented. In that spirit, access management can be boiled down to a single phrase—ensuring that only the right people have the right levels of access to the right resources under the right conditions at the right time. In a true Zero Trust world, granting access through the front door isn’t enough, you also need to be able to control and enforce what can be done once inside. This is where the principle of least privilege applies, only granting the minimum rights to perform specific functions. Unlike Chotchkie's from the movie Office Space, the bare minimum is actually encouraged here. A common challenge with putting the principle of least privilege into practice lies in the enforcement—how can you ensure that what is written in policy is effectively adhered to in practice? I’ve often referred to this as the Adherence Gap. Thankfully for Linux systems, there.