← All terms More

define permission-scope --plain-english

Illustration for "Permission Scope" from the Non-Technical Technical Dictionary

Permission Scope

TLDR:A valet key starts the car and opens the driver's door.

A valet key starts the car and opens the driver's door. It will not open the trunk or the glovebox. That isn't a cheaper key. That's the entire idea behind permission scope.

A master key opens everything. But you don't hand a stranger the master key just to park your car. You hand them a valet key, which does exactly one job, drive it fifty feet, and nothing else. Trunk stays locked. Glovebox stays shut. If the valet turns out to be a crook, your stuff is still safe.

Permission scope is that idea applied to every key, token, and agent in software: give it the least access it needs to do its job, and not one bit more. The formal name is "least privilege." The plain version is "don't hand over the master key when a valet key will do."

Hold it next to the secret from yesterday. A secret is the key. Its scope is how many doors that key opens. Two different questions. You can have a key that's perfectly safe in the safe and still dangerous, because it opens everything. Scope is what shrinks the damage if that key ever does get out.

It also picks up the fence from the very first day. The drive-thru window already decides what's on the menu. Scope is you choosing an even smaller menu for this one particular key: "this key can read orders. It cannot delete customers." Even if someone steals it, they can only do the small thing it was allowed to do.

Why this is the safety rail under agents specifically. The more an agent can touch, the more damage a bad moment can do. A confidently-wrong agent (the hallucination problem, in the driver's seat) holding a read-only key can embarrass you. The same agent holding a delete-everything key can ruin your week. So you scope it down: hand the agent the keys for exactly the job in front of it, watch what it reaches for, and keep the master key out of its hands. Powerful and unscoped is the one combination you never want.

The everyday version of this: when a tool asks for access, the instinct is to click "allow all" just to make the prompt go away. Resist it. The question worth asking every time is "what's the smallest access that lets this actually work?" That single habit is most of practical security.

Don't hand over the master key to park the car. Give every key, and every agent, the valet version: exactly enough to do the job, locked out of everything else.