During a security audit, what violation occurs when new users have access to resources beyond their job roles?

The scenario described highlights a situation where new users are granted access to resources that exceed what is necessary for their specific job roles. This directly relates to the principle of least privilege, which states that users should only be granted access to the information and resources required for them to perform their job functions.

When new users have access to more than what is needed, it violates this principle, potentially increasing the risk of misuse of sensitive data or systems. By adhering to the least privilege principle, organizations minimize the attack surface, limit potential damage from breaches, and ensure that users can only perform tasks relevant to their responsibilities. This proactive approach to security is crucial in maintaining robust access control measures within an organization.

In contrast, while a data breach and unauthorized access relate to security incidents, they do not specifically describe the issue of users having excessive permissions. Additionally, an insider threat generally involves malicious actions taken by someone within the organization who has privileged access, but it doesn't directly address the violation regarding permissions based on job roles.