What does the principle of least privilege require in an IAM program and how is it enforced?


Multiple Choice

What does the principle of least privilege require in an IAM program and how is it enforced?

Explanation:
Least privilege means giving each identity only the minimum set of permissions it needs to do its job, and nothing more; everything not explicitly granted is denied by default. In an IAM program this is achieved by tying identities to roles that contain only the permissions a job function requires (RBAC), or by evaluating attributes of the user, resource and request context at decision time (ABAC), rather than assigning permissions to individuals one by one. Enforce it with clearly defined policies that are the only path to a grant, then strengthen it with two ongoing controls: periodic access reviews, in which managers or owners confirm that each identity's roles still match its current duties and remove any that do not, and just-in-time (JIT) elevation, in which higher privileges are approved for a specific task, granted for a bounded time, and revoked automatically afterward so that no standing administrative access accumulates. This approach shrinks the damage a compromised account or insider can do and makes audits clearer, because every grant traces to a role or an approval. The other options miss the point: granting maximum privileges increases risk, random assignment has no control at all, and requiring MFA only for admins addresses authentication (proving who the user is) rather than authorization (the scope of what users can do once authenticated).
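As an added worked example (not part of Passetra's material, and not a real IAM product's API), the following Python models the three controls the explanation names: default-deny checks against role permissions (RBAC), an attribute rule layered on top (ABAC), time-boxed just-in-time elevation with automatic expiry, and an access review that flags roles a job does not need and elevations that should already have been revoked. The role catalogue, permission strings, job-to-role mapping and the "same region" rule are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed role catalogue; permission names are hypothetical.
ROLES = {
    "helpdesk": {"user:read", "user:reset_password"},
    "hr_admin": {"user:read", "user:update_profile"},
    "db_admin": {"db:read", "db:write", "db:admin"},
}

# Roles each job function actually needs: the reference an access review compares against.
JOB_ROLES = {"support_agent": {"helpdesk"}, "hr_partner": {"hr_admin"}, "dba": {"db_admin"}}

NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # fixed clock for a reproducible run
ONE_HOUR = timedelta(hours=1)


@dataclass
class Elevation:
    permission: str
    expires_at: datetime
    approved_by: str
    reason: str


@dataclass
class Identity:
    name: str
    job: str
    roles: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)
    elevations: list = field(default_factory=list)


def region_match(identity, permission, context):
    """ABAC rule (hypothetical): profile updates only for subjects in the caller's own region."""
    return identity.attributes.get("region") == context.get("target_region")


# Permissions that need an attribute check in addition to role membership.
ABAC_RULES = {"user:update_profile": region_match}


def role_permissions(identity):
    """Static permissions held through roles (RBAC)."""
    perms = set()
    for role in identity.roles:
        perms |= ROLES.get(role, set())
    return perms


def active_elevations(identity, now):
    return [e for e in identity.elevations if e.expires_at > now]


def is_allowed(identity, permission, context=None, now=None):
    """Default deny: allow only via a role or an unexpired JIT grant, then any ABAC rule."""
    context = context or {}
    now = now or datetime.now(timezone.utc)
    held = role_permissions(identity) | {e.permission for e in active_elevations(identity, now)}
    if permission not in held:
        return False
    rule = ABAC_RULES.get(permission)
    return rule(identity, permission, context) if rule else True


def grant_jit(identity, permission, approved_by, reason, ttl, now):
    """Record an approved, time-boxed elevation; it stops working at expiry without manual action."""
    elevation = Elevation(permission, now + ttl, approved_by, reason)
    identity.elevations.append(elevation)
    return elevation


def revoke_expired(identity, now):
    """Clean-up step: drop elevations past expiry; returns how many were removed."""
    before = len(identity.elevations)
    identity.elevations = active_elevations(identity, now)
    return before - len(identity.elevations)


def review_access(identities, now):
    """Access review: flag roles the job does not need and elevations that should be gone."""
    findings = []
    for ident in identities:
        for role in sorted(ident.roles - JOB_ROLES.get(ident.job, set())):
            findings.append((ident.name, "excess_role", role))
        for e in ident.elevations:
            if e.expires_at <= now:
                findings.append((ident.name, "stale_elevation", e.permission))
    return findings


def demo():
    """Walk the controls above over constructed identities; returns the observed outcomes."""
    alice = Identity("alice", "hr_partner", {"hr_admin"}, {"region": "eu"})
    later = NOW + 2 * ONE_HOUR
    out = {
        "rbac_read": is_allowed(alice, "user:read", now=NOW),
        "abac_same_region": is_allowed(alice, "user:update_profile", {"target_region": "eu"}, NOW),
        "abac_other_region": is_allowed(alice, "user:update_profile", {"target_region": "us"}, NOW),
        "no_standing_admin": is_allowed(alice, "db:admin", now=NOW),
    }
    grant_jit(alice, "db:admin", "bob", "ticket-123 schema migration", ONE_HOUR, NOW)
    out["jit_admin"] = is_allowed(alice, "db:admin", now=NOW)
    out["jit_admin_after_expiry"] = is_allowed(alice, "db:admin", now=later)
    out["review_before_cleanup"] = review_access([alice], later)
    out["revoked"] = revoke_expired(alice, later)
    out["review_after_cleanup"] = review_access([alice], later)
    carol = Identity("carol", "support_agent", {"helpdesk", "db_admin"})  # role drift
    out["excess_role_finding"] = review_access([carol], NOW)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ordering in `is_allowed` is the point: nothing is granted unless a role or an unexpired elevation holds the permission, and even then an attribute rule can still deny. The review function shows why elevation expiry alone is not enough for auditability: an expired grant that is never cleaned up still shows up as a finding until `revoke_expired` runs.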

