True Privilege and Paths to Privilege

What is True Privilege?

True Privilege is every action a person operating the account could perform if they follow a Path to Privilege. Paths may involve using federation or trust relationships to become another account in an intended way, or abusing misconfigurations in the environment.

True Privilege encompasses all actions a determined attacker could ultimately take if they compromised an account.

How is it useful?

An account's privilege level is not always limited to the privileges it is directly assigned. The rights and privileges an account is assigned can themselves give it higher levels of privileged access. True Privilege captures these considerations and gives you the most comprehensive picture of access rights.

Seeing True Privilege across your organization helps you understand where privileges should be reduced in order to follow the Principle of Least Privilege (POLP) and reduce the blast radius if accounts are compromised.

True Privilege graph

Insights contains dedicated graphs, reports, and tags in grids to help you distinguish between an account’s direct privileges and its True Privilege, as well as understand what actions to prioritize to manage privilege-related risks.

To open the True Privilege graph:

  1. Navigate to the Identity Details page.
  2. Click View True Privilege graph or the icon under the Actions column on the Identities grid to open the graph.
  3. Drag the nodes to manipulate the graph. Click any node to open a side panel with detailed information.


For reports relating to True Privilege, see Reporting.

What are Paths to Privilege?

A Path to Privilege shows some of the identities, accounts, entitlements, and configurations an identity can access via a particular set of steps. The collection of all paths describes the account's True Privilege.

How are they useful?

Identifying and visualizing these Paths to Privilege allows you to understand and control the relationships that enable both vertical and lateral privilege escalation.

Privilege escalation occurs when a lower-privileged account gains access to higher privileges, either vertically (to a more privileged role) or laterally (to a role with equivalent privileges that enables further escalation). This often happens due to misconfigurations or abuse of trust relationships.
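
An added example, not BeyondTrust's code or algorithm: a minimal Python model of the idea above, where True Privilege is the union of an account's direct actions and the actions of every account reachable along a Path to Privilege. All account names, action names, and edges are constructed sample data.

```python
from collections import deque

# Constructed sample data; every account and action name here is hypothetical.
DIRECT = {  # actions each account is directly assigned
    "dev-alice": {"read:storage"},
    "ci-runner": {"start:vm", "pass:role"},
    "deploy-role": {"write:storage", "update:function"},
    "org-admin": {"admin:all"},
    "auditor": {"read:logs"},
}
EDGES = [  # (source, target, reason): source can become target
    ("dev-alice", "ci-runner", "federation"),
    ("ci-runner", "deploy-role", "trust relationship"),
    ("deploy-role", "org-admin", "misconfiguration"),
    ("deploy-role", "ci-runner", "trust relationship"),  # cycle on purpose
]

def paths_to_privilege(start, edges=EDGES):
    """Map each account reachable from start to its shortest list of hops."""
    adjacent = {}
    for src, dst, reason in edges:
        adjacent.setdefault(src, []).append((dst, reason))
    paths, queue = {start: []}, deque([start])
    while queue:
        node = queue.popleft()
        for dst, reason in adjacent.get(node, []):
            if dst not in paths:  # visited check; also terminates cycles
                paths[dst] = paths[node] + [(node, dst, reason)]
                queue.append(dst)
    del paths[start]
    return paths

def true_privilege(start, direct=DIRECT, edges=EDGES):
    """Direct actions plus the actions of every account a path leads to."""
    actions = set(direct.get(start, ()))
    for account in paths_to_privilege(start, edges):
        actions |= direct.get(account, set())
    return actions

def escalation_report(direct=DIRECT, edges=EDGES):
    """(account, direct count, count gained via paths), largest gain first."""
    rows = [(a, len(d), len(true_privilege(a, direct, edges) - d))
            for a, d in direct.items()]
    return sorted(rows, key=lambda row: -row[2])

if __name__ == "__main__":
    for account, n_direct, n_gained in escalation_report():
        print(f"{account:12} direct={n_direct} gained_via_paths={n_gained}")
    for target, hops in paths_to_privilege("dev-alice").items():
        print(target, "via", " -> ".join(f"{s} [{r}]" for s, _, r in hops))
```

Accounts at the top of the report gain the most beyond their direct assignment, so removing an edge on their paths gives the largest reduction in blast radius.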

Paths to Privilege node graph

To see the Paths to Privilege node graph:

  1. Navigate to the Entitlements page to open the Entitlements grid.
  2. Use the tabs and filters to locate the Entitlement name.
  3. Select from the Actions column. The Paths to Privilege node graph opens.

Paths to Privilege show on the True Privilege graph if there is an escalation path.

To open the True Privilege graph:

  1. Navigate to the Identity Details page.
  2. Click View True Privilege graph or the icon under the Actions column on the Identities grid to open the graph.
  3. Drag the nodes to manipulate the graph. Click any node to open a side panel with detailed information.


For reports relating to Paths to Privilege, see Reporting.

