Security & DevSecOps Practical By Samson Tanimawo, PhD Published Sep 2, 2025 4 min read

Just Enough Admin (JEA) Pattern

Admins get exactly what they need. The pattern.

What JEA solves

Standing admin privilege is the highest-risk credential pattern. Compromise of one admin account gives total access. JEA replaces standing admin with narrow, time-bounded elevation.

Each elevation grants only the permissions needed for the specific task, for the specific duration. The blast radius of a compromise during the elevation window is bounded.

JEA is policy plus tooling. Policy: no engineer has standing admin. Tooling: a system that grants narrow elevation on request.

Scoping elevations

Per-task scopes. Database emergency: elevation to that database, not all databases. Cluster debugging: cluster-specific kubectl context, not multi-cluster admin.

Time-bounded. 1-4 hours typical. The session expires automatically; the engineer requests a new one if more time is needed.

Audit-tagged. Each elevation links to a ticket, incident, or written justification. Audit trail records why.

Approval flow

Routine elevations: peer approval. A teammate confirms the request is legitimate. Friction is small; security is meaningful.

High-stakes elevations: manager or security approval. Production root, payment systems, customer data. Higher stakes, more eyes.

Emergency override: documented break-glass procedure. Logged immediately to security; reviewed within 24 hours.
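The scoping rules and approval tiers above, as an added example that is not from the original post or any named product: a small request evaluator that enforces per-task scope, the 1-4 hour bound and the audit tag, then routes routine requests to peer approval, high-stakes ones to manager or security, and emergencies through a logged break-glass path. The HIGH_STAKES tag names, SAMPLE_NOW timestamp and function names are assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_HOURS = 4.0                 # page: 1-4 hours typical
BREAK_GLASS_REVIEW_HOURS = 24   # page: break-glass reviewed within 24 hours
# Assumed sensitivity tags for the page's high-stakes examples (illustrative names).
HIGH_STAKES = {"production-root", "payments", "customer-data"}
# Constructed sample timestamp so decisions are reproducible.
SAMPLE_NOW = datetime(2025, 9, 2, 12, 0, tzinfo=timezone.utc)

@dataclass
class ElevationRequest:
    requester: str
    scope: str                  # one resource, e.g. "db:orders-prod"; never "*"
    duration_hours: float
    justification: str          # ticket, incident id, or written reason
    tags: set = field(default_factory=set)
    emergency: bool = False     # break-glass path

@dataclass
class Decision:
    accepted: bool
    tier: str                   # "peer", "manager-or-security", "break-glass", "rejected"
    expires_at: Optional[datetime]
    audit: dict
    reason: str

def evaluate(req: ElevationRequest, now: datetime) -> Decision:
    """Apply the JEA scoping rules, then route to the matching approval tier."""
    audit = {"requester": req.requester, "scope": req.scope,
             "justification": req.justification, "requested_at": now.isoformat()}
    # Per-task scope: a wildcard or empty scope is standing admin in disguise.
    if not req.scope.strip() or "*" in req.scope:
        return Decision(False, "rejected", None, audit, "scope must name one resource")
    # Audit-tagged: no elevation without a linked ticket, incident, or justification.
    if not req.justification.strip():
        return Decision(False, "rejected", None, audit, "justification required")
    # Time-bounded: the engineer re-requests rather than getting a longer session.
    if not 0 < req.duration_hours <= MAX_HOURS:
        return Decision(False, "rejected", None, audit, f"duration must be within {MAX_HOURS}h")
    expires = now + timedelta(hours=req.duration_hours)
    audit["expires_at"] = expires.isoformat()
    if req.emergency:
        # Break-glass: granted immediately, logged to security, review due in 24 hours.
        audit["security_review_due"] = (now + timedelta(hours=BREAK_GLASS_REVIEW_HOURS)).isoformat()
        return Decision(True, "break-glass", expires, audit, "granted; security notified")
    # Routine vs high-stakes routing: more eyes when the scope touches sensitive systems.
    tier = "manager-or-security" if req.tags & HIGH_STAKES else "peer"
    return Decision(True, tier, expires, audit, "awaiting approval")
```

The audit dict is what a real system would ship to its log pipeline; the break-glass entry carries the 24-hour review deadline so the follow-up cannot be forgotten.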

Tooling

AWS SSO with permission sets that map to time-bounded sessions. STS AssumeRole with session duration.

HashiCorp Vault dynamic secrets. Vault generates database credentials on demand; revokes when the session expires.

Teleport, BeyondTrust, CyberArk for enterprise. Session recording; centralised audit; automated approval workflows.

Operating JEA

Onboarding: new engineers default to no elevations. Each elevation is a deliberate addition.

Quarterly review: which standing privileges could be converted to JEA elevations? Convert one at a time.

Track elevation request volume. Healthy: a steady, routine pattern. Unhealthy: bursts during incidents, which indicate the JEA workflow is too slow for emergencies; tune the approval times.