Principle of least privilege in Cybersecurity - Time & Space Complexity
We want to understand how the effort to enforce the principle of least privilege changes as the number of users and resources grows.
How does the work needed to manage permissions increase when more users or resources are added?
Analyze the time complexity of this permission check process.
```
for each user in users:
    for each resource in resources:
        if user has permission for resource:
            allow access
        else:
            deny access
```
This code checks every user against every resource to see if access is allowed under least privilege rules.
Look at what repeats in the code.
- Primary operation: Checking permission for each user-resource pair.
- How many times: Once for every user and every resource, so all pairs.
As the number of users and resources grows, the number of permission checks grows quickly.
| Input Size (users x resources) | Approx. Operations |
|---|---|
| 10 users x 10 resources | 100 checks |
| 100 users x 100 resources | 10,000 checks |
| 1000 users x 1000 resources | 1,000,000 checks |
Pattern observation: The number of checks grows proportionally to the product of the number of users and resources; doubling both multiplies the work by four.
Time Complexity: O(n x m), where n is the number of users and m is the number of resources.
This means the time to check permissions grows proportionally to the number of users times the number of resources.
[X] Wrong: "Checking permissions for one user means the time grows only with the number of users."
[OK] Correct: Permissions depend on both users and resources, so the total checks multiply, not just add.
Understanding how permission checks scale helps you design secure systems that stay efficient as they grow. This skill shows you can think about both security and performance together.
"What if we stored permissions in groups instead of per user? How would that change the time complexity?"
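The following is an added example, not part of the original page. It runs the nested-loop audit shown earlier next to the group-based variant raised in the closing question and counts the checks each one performs. All function names and the sample data are constructed for illustration, and each user is assumed to belong to exactly one group.

```python
def audit_all_pairs(users, resources, grants):
    """The page's nested loop: one check per (user, resource) pair.

    grants is a set of (user, resource) tuples; anything absent is denied.
    Returns (decisions, number_of_checks).
    """
    decisions, checks = {}, 0
    for user in users:
        for resource in resources:
            checks += 1
            decisions[(user, resource)] = (user, resource) in grants
    return decisions, checks


def audit_by_group(groups, resources, group_grants):
    """Group variant: evaluate policy once per (group, resource) pair."""
    decisions, checks = {}, 0
    for group in groups:
        for resource in resources:
            checks += 1
            decisions[(group, resource)] = (group, resource) in group_grants
    return decisions, checks


def is_allowed(user, resource, membership, group_decisions):
    """Resolve one request through the user's group; unknown users are denied."""
    group = membership.get(user)
    return group_decisions.get((group, resource), False)


def build_sample(n_users, n_resources, n_groups):
    """Constructed sample data: user i belongs to group i % n_groups,
    and group g may access resource r only when r % n_groups == g."""
    users = [f"user{i}" for i in range(n_users)]
    resources = [f"res{r}" for r in range(n_resources)]
    groups = [f"group{g}" for g in range(n_groups)]
    membership = {u: groups[i % n_groups] for i, u in enumerate(users)}
    group_grants = {(groups[r % n_groups], res) for r, res in enumerate(resources)}
    # Per-user grants expanded from the group grants, for the nested-loop audit.
    grants = {(u, res) for u in users for (g, res) in group_grants if membership[u] == g}
    return users, resources, groups, membership, group_grants, grants


if __name__ == "__main__":
    users, resources, groups, membership, group_grants, grants = build_sample(100, 100, 5)
    _, pair_checks = audit_all_pairs(users, resources, grants)
    _, group_checks = audit_by_group(groups, resources, group_grants)
    print(f"per-user audit: {pair_checks} checks, per-group audit: {group_checks} checks")
```

With the policy held per group, the audit cost follows the number of groups times the number of resources, and each individual request still resolves with one membership lookup and one decision lookup.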