Guideline: Least Privilege
Part of: Information Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy
Whenever a user, administrator or service account is created, apply life-cycle management throughout the account's entire life cycle. When the purpose of an account changes, change its corresponding authorizations as well.
You can take this a step further and make privileges context-aware. Limiting privileges based on context (when you might need access to data and when not) is a way to put the 'need to know' principle into practice.
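The two points above (authorizations follow the account's purpose, and privileges can depend on context) can be combined in one access check. The sketch below is an added example, not part of the original guideline; the purposes, permission names, office-hours window and ticket rule are all assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Hypothetical purposes and permission names, constructed for this example.
# Authorizations hang off the purpose, never off the individual account.
PURPOSE_GRANTS = {
    "helpdesk": {"tickets:write", "customer:read"},
    "payroll-clerk": {"payroll:read", "payroll:write"},
}

# Context rules: a granted permission is only usable while the rule holds.
# A missing context value makes the rule fail, so the check fails closed.
CONTEXT_RULES = {
    # Need to know: customer data only while working an open ticket.
    "customer:read": lambda ctx: bool(ctx.get("open_ticket_id")),
    # Payroll changes only during office hours (08:00-18:00, assumed).
    "payroll:write": lambda ctx: "now" in ctx
    and time(8, 0) <= ctx["now"].time() < time(18, 0),
}


@dataclass
class Account:
    name: str
    purpose: str
    active: bool = True  # set to False when the account reaches end of life

    def change_purpose(self, new_purpose: str) -> None:
        """Changing the purpose replaces the old authorizations entirely."""
        if new_purpose not in PURPOSE_GRANTS:
            raise ValueError(f"unknown purpose: {new_purpose}")
        self.purpose = new_purpose


def is_allowed(account: Account, permission: str, context: dict) -> bool:
    """Allow only if the account is active, its current purpose grants the
    permission, and any context rule for that permission is satisfied."""
    if not account.active:
        return False
    if permission not in PURPOSE_GRANTS.get(account.purpose, set()):
        return False
    rule = CONTEXT_RULES.get(permission)
    return True if rule is None else bool(rule(context))
```

Because permissions are looked up from the current purpose on every request, an account that moves from one purpose to another cannot keep privileges from its previous one.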
More information from Wikipedia about the principle of least privilege.