Let us look at the key difference between the Least Privilege and Need to Know access principles.
Need to Know - Example
A mathematics teacher could be authorised to access the previous years' Maths exam question papers for all classes in the school. This is information he needs in order to do his job, and granting it exposes nothing outside his own subject, so the decision is made on the basis of "Need to Know": access to a category of information is granted because the role requires it, not merely because it is harmless. In IT terms, if you work in HR you have access to the general HR-related files and data, because HR work requires them.
Least Privilege - Example
On the basis of "Need to Know", the mathematics teacher was authorised to access the previous years' Maths exam question papers for all classes in the school. "Least Privilege" then narrows what he may do with that access: he can write new Maths exam question papers only for the classes he teaches, and he can check and mark exam sheets only for the classes he teaches. The other classes' papers remain readable, because Need to Know already granted that, but he holds no write or marking rights over them. In IT terms, if you work in HR, "Need to Know" authorises you to see general HR-related data, but "Least Privilege" restricts update rights to the specific HR files for which you are the data owner.
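The teacher and HR examples above can be expressed as a two-layer authorisation check, which makes the ordering visible: Need to Know decides whether the subject may touch a category of data at all, and only then does Least Privilege decide which actions, on which resources, are within the minimum rights the role requires. The following is an added example written for this page, not code from the original; the Subject, Resource, Action, NEED_TO_KNOW and authorize names, and all sample subjects and resources, are constructed assumptions.

```python
"""Two-layer authorisation check: Need to Know first, then Least Privilege.

Added example with a hypothetical policy model (not from the original page).
All names and sample data below are assumptions made for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    READ = "read"    # view an object
    WRITE = "write"  # create or update an object
    MARK = "mark"    # grade an exam sheet


@dataclass(frozen=True)
class Subject:
    name: str
    department: str     # drives Need to Know: which data categories the role requires
    scopes: frozenset   # drives Least Privilege: classes taught, files owned, etc.


@dataclass(frozen=True)
class Resource:
    category: str       # e.g. "maths_exam_paper", "hr_record"
    scope: str          # e.g. a class id or a data-owner group


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Need to Know table: the data categories each department legitimately requires.
# A department absent from the table has no need to know anything (deny by default).
NEED_TO_KNOW = {
    "maths": frozenset({"maths_exam_paper", "maths_exam_sheet"}),
    "hr": frozenset({"hr_general", "hr_record"}),
}


def need_to_know(subject: Subject, resource: Resource) -> bool:
    """Layer 1: may this subject access this category of data at all?"""
    return resource.category in NEED_TO_KNOW.get(subject.department, frozenset())


def least_privilege(subject: Subject, resource: Resource, action: Action) -> bool:
    """Layer 2: given Need to Know is satisfied, is the action within the
    minimum rights the role requires? READ is the baseline grant on the
    department's data; anything that changes state is confined to the
    subject's own scopes (the classes he teaches, the files she owns)."""
    if action is Action.READ:
        return True
    return resource.scope in subject.scopes


def authorize(subject: Subject, resource: Resource, action: Action) -> Decision:
    """Evaluate both layers in order; the first failing layer names the reason."""
    if not need_to_know(subject, resource):
        return Decision(False, f"need-to-know: {subject.department} has no need for {resource.category}")
    if not least_privilege(subject, resource, action):
        return Decision(False, f"least-privilege: {action.value} on {resource.scope!r} is outside {sorted(subject.scopes)}")
    return Decision(True, "allowed")


# Constructed sample subjects and resources mirroring the teacher and HR examples.
MATHS_TEACHER = Subject("alice", "maths", frozenset({"class-9", "class-10"}))
HISTORY_TEACHER = Subject("bob", "history", frozenset({"class-10"}))
HR_ANALYST = Subject("carol", "hr", frozenset({"payroll"}))

OLD_PAPER_CLASS_12 = Resource("maths_exam_paper", "class-12")
NEW_PAPER_CLASS_10 = Resource("maths_exam_paper", "class-10")
SHEET_CLASS_12 = Resource("maths_exam_sheet", "class-12")
HR_BENEFITS_FILE = Resource("hr_record", "benefits")
HR_PAYROLL_FILE = Resource("hr_record", "payroll")


if __name__ == "__main__":
    checks = [
        (MATHS_TEACHER, OLD_PAPER_CLASS_12, Action.READ),    # allow: need to know, read baseline
        (MATHS_TEACHER, NEW_PAPER_CLASS_10, Action.WRITE),   # allow: writes a paper for his own class
        (MATHS_TEACHER, SHEET_CLASS_12, Action.MARK),        # deny: least privilege, not his class
        (HISTORY_TEACHER, NEW_PAPER_CLASS_10, Action.WRITE), # deny: need to know, even though class-10 is his
        (HR_ANALYST, HR_BENEFITS_FILE, Action.READ),         # allow: general HR data is visible
        (HR_ANALYST, HR_BENEFITS_FILE, Action.WRITE),        # deny: not the data owner
        (HR_ANALYST, HR_PAYROLL_FILE, Action.WRITE),         # allow: owns the payroll files
    ]
    for subj, res, act in checks:
        decision = authorize(subj, res, act)
        verdict = "ALLOW" if decision.allowed else "DENY"
        print(f"{subj.name:6} {act.value:5} {res.category}/{res.scope}: {verdict} ({decision.reason})")
```

The history teacher case is the one worth noticing: he teaches class-10, so a Least Privilege scope check on its own would let him write the class-10 Maths paper. Only because Need to Know is evaluated first, and denies any access to Maths exam papers for his department, is the request refused. Evaluating the two layers in the other order, or merging them into one rule, is how that kind of gap creeps into real policies.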
Conclusion -
Need to Know is the more fundamental authorisation decision: it determines whether a subject should have access to a category of information at all. Least Privilege is the more granular one: it determines the minimum set of rights (read, write, execute, delete, and so on) the subject needs on that information, and on which specific resources, and grants nothing beyond that. In the examples above, "view" access is settled at the "Need to Know" level, while "Least Privilege" governs the write and execute rights (and the marking rights) over data that Need to Know has already made visible. The two principles are complementary, not alternatives: a subject who fails Need to Know is denied regardless of how narrow the requested right is, and a subject who passes it still receives only the rights the task requires.