What is the concept of separation of duties and how does it apply to privilege management?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

What is the concept of separation of duties and how does it apply to privilege management?

Explanation:
Separation of duties is a control that prevents fraud and mistakes by dividing critical tasks among multiple people so one person cannot complete a sensitive process alone. In privilege management, this means different roles handle different steps of granting and using privileged access—one person might initiate a request, another reviews and approves it, and a separate party or system actually implements the change. Requiring dual approvals for sensitive actions creates checks and balances and a clear audit trail, making misuse harder and increasing accountability while aligning with least-privilege practices. Centralizing control or removing approvals would undermine this protective separation, and delegating all permissions to automated processes without oversight removes necessary human checks.

