Least privilege is a common security practice where systems allow users the minimum permissions necessary to operate. It prevents users from harming things they ought not harm. It is a great rule of thumb. However, policies for enforcing this practice grow complicated in large organizations where people move about and move on frequently.

Removing privileges from former employees is the most basic use case. An employee resigns, turns in her badge and waves good-bye. Yet, the employee...