How do you implement least privilege in IAM for humans and services?

Least privilege means granting only what’s needed. Practices: - Role-based access and scoped policies - Short-lived credentials - Separation of duties - Regular access reviews Treat service identities as first-class: rotate keys, restrict blast radius, and audit usage continuously.