This livestream is restricted

Already a member? Login with your membership email address

Make a submission

Accepting submissions till 28 Feb 2024, 11:00 PM

Simpl, Bengaluru,




Major consumer economies globally are implementing stringent Data Protection regulations to protect consumer data. For organizations, data protection goes beyond regulations. In today’s age, any consumer data abuse or leak leads to significant and often irreversible brand damage.

Collecting consumer data is a responsibility, not a privilege. This talk focuses on the various data protection practices companies must implement to fully protect their consumer’s data.

Who should attend?

This is an intermediate-level talk for engineers and DevOps professionals. Jayesh will explore essential data protection capabilities, highlighting common patterns, and potential pitfalls in their implementation.


This presentation has new content. For a sense of the speaker’s approach in a different context, see the talk Jayesh gave at The Fifth Elephant Winter edition in Mumbai in 2019 on building a scalable data platform at Hotstar

About the speaker

Jayesh Sidhwani is co-founder of Enclave. Enclave is a SaaS tool that offers building blocks to implement Data Privacy compliance. His background includes roles at Jupiter Money and Disney+ Hotstar. He has over 13 years of experience in software development and leadership across major Indian consumer companies.

How you can participate

  1. In the submissions tab, submit a 5-min flash talk about the work you are doing with privacy by design.
  2. Speak at a future Rootconf meet-up. Leave your name and topic in comments.
  3. Pick up a membership to support Rootconf meet-ups and other activities.
  4. Spread the word among colleagues and friends. Join Rootconf Telegram channel.

About Rootconf memberships

Rootconf is a community-funded organization. If you like the work that Rootconf does and want to support meet-ups and activities - online and in-person - contribute by picking up a membership


Join the Rootconf Telegram group at https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf at +91-7676332020.

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more

Supported by

Venue host

Mayank Kumar


Principle of Least Privilege

Submitted Feb 28, 2024

Principle of Least Privilege:

The Principle of Least Privilege (PoLP) is a security concept that dictates that any user, program, or process should have only the minimum privileges necessary to perform its function. The goal of PoLP is to limit the potential damage from accidents, errors, or unauthorized use of resources. Here are key points about the principle and how it can be applied:

Understanding the Principle of Least Privilege:

  1. Minimal Access: Each user should have access only to the resources and information that are necessary for their legitimate purpose.
  2. Need-to-Know Basis: Information should only be accessible on a need-to-know basis, reducing the risk of sensitive data exposure.
  3. Permission Restrictions: Users should be restricted in their ability to install software, change system settings, or execute high-privilege operations unless necessary for their role.

Implementing Least Privilege:

  1. User Account Management: Create user accounts with appropriate privilege levels for their roles within the organization.
  2. Role-Based Access Control (RBAC): Assign permissions based on predefined roles rather than individual users to streamline management and auditing.
  3. Temporary Elevated Access: Grant higher privileges on a temporary basis when required for specific tasks and ensure they are revoked upon completion.
  4. Regular Audits: Conduct periodic reviews of access rights to ensure they remain aligned with job functions and remove excess privileges.

Benefits of Least Privilege:

  1. Reduced Attack Surface: Limiting privileges reduces opportunities for attackers to exploit vulnerabilities or hijack accounts with extensive permissions.
  2. Mitigation of Insider Threats: By restricting access, the potential damage from malicious insiders or compromised accounts is minimized.
  3. Improved Compliance: Many regulatory frameworks require adherence to least privilege principles as part of data protection practices.

Challenges in Enforcing Least Privilege:

  1. Complexity in Large Organizations: As organizations grow, managing individual access rights becomes increasingly complex.
  2. Balancing Security and Usability: Too much restriction can hinder productivity; finding the right balance is key.
  3. Evolving Roles and Permissions: As employees change roles or take on new projects, maintaining up-to-date permissions requires vigilance.

Redmask (Restricted Data Access Management for Securing Knowledge) Framework

To address these challenges and implement PoLP effectively within an organization’s data management practices, tools like Redmask are invaluable. Redmask is designed as an automated solution that helps manage granular level access control over datasets while providing simplicity through its user interface (UI).

Key Features of Redmask:

  1. Granular Permission Controls: It allows precise control over who accesses what data and for what purpose.
  2. Automated Access Rules: Reduces administrative overhead by automating permission assignments based on roles or projects.
  3. Temporary Access Grants: Provides time-bound access for temporary needs like Geeta’s project on borrowing patterns.
  4. Audit Trails & Compliance Reporting: Keeps records of data accesses and alterations for regulatory compliance purposes.
  5. User-Friendly Interface: Simplifies management tasks so less technical staff can effectively oversee access controls.

Tables suggested for operating the service


Constraint Field Type Description
pk dataset_name String Name of the dataset
fk owner_usergroup String User group that owns dataset
details Text Detailed description of dataset


Constraint Field Type Description
pk table_name String Name of the table
pk schema_name String Schema the table is in
dataset_name String Dataset table belongs to


Constraint Field Type Description
pk usergroup_id String Usergroup ID
details String Description of user group


Constraint Field Type Description
pk pou_id String Purpose of use ID
details String Description of purpose of use
access_rule Rule How much data this POU grants access (3 mnths, 13 mnths)


Constraint Field Type Description
fk table_name String Table’s name
fk schema_name String Schema’s name
fk pou_id String Purpose of use


Constraint Field Type Description
fk, pk usergroup_id String
fk, pk dataset_name String
fk, pk pou_id String
expiry_date String

By integrating principles such as least privilege into frameworks like Redmask and adopting them into their Privacy by Design strategies, organizations can ensure they not only protect sensitive information but also foster trust with customers through responsible data stewardship practices. This proactive approach aligns operations with current privacy expectations and regulatory requirements in our increasingly security-conscious world.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Make a submission

Accepting submissions till 28 Feb 2024, 11:00 PM

Simpl, Bengaluru,

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more

Supported by

Venue host