REQ.186 Use minimum level of privileges
System must use the minimum level of privileges when accessing other systems or database.
OWASP-ASVS v3.1-4.1 Verify that the principle of least privilege exists. Users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.
NIST 800-53 AC-6 The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.