Which approach correctly handles privileged escalation requests?

Controlling privileged access through least privilege and just-in-time practices is the key idea. When a privileged request comes in, first confirm there’s a real need for elevation tied to a specific task. Then require approvals so the request is reviewed and sanctioned by the right people. Grant elevated access only for a limited time and with entitlements narrowly scoped to what’s necessary for the task. While the elevated window is active, monitor the user’s actions to spot any unusual or unauthorized activity. Revoke the access as soon as the task is complete, and keep a detailed audit trail of who requested what, when, and what was done. This combination minimizes risk by limiting how long and how broadly privileges are granted and by ensuring accountability, visibility, and rapid rollback if something goes wrong. Other approaches miss essential controls: granting permanent or blanket access without ongoing oversight, or allowing self-approval without checks, which increases the chance of misuse or oversight gaps.