least-privilege

Background: I'm writing a service and want to give it as few privileges as necessary. Virtual Accounts (sometimes "Virtual Service Accounts") are sparsely documented feature new to Windows 7/2008R2 that are automatically managed accounts for services that need minimal privileges but access the network with a computer identity in a domain environment. My service doesn't need network access, so I'm using LocalService, but I don't like the fact that if I grant access to a file/etc I granting access to all services running as that account. Is there a least privileged account I can use? You don't

I am trying to implement an architecture that follows the OAUTH2/OIDC protocol. In order to do that, I have STS(Identity Server v3 by leastprivilege), ASP.NET WebApi and ASP.NET MVC application for a client. My goal was to have the STS and REST service hosted on Azure so different clients can use them as public services. So far so good. Everything seemed to work smoothly and perfectly before I decided to add a new client that uses one of the redirection flows - Authorization Code flow. I wanted to take advantage of the refresh token option that it offers. I wanted to serve short life access

Goal Create a database with three users and restrict their privileges (I'm just thinking out loud, so my user separation is also open to correction): Superuser - this user allows for the very initial provisioning of the database. Create the application database, create the other users, set their privileges. Default postgres superuser works for me, so this one is done. Administrator - this user has access only to the database that was created during provisioning. Administrator can CRUD all data in all tables, and can also CRUD tables, etc. "Superuser for only this database" type of situation.