What security concept applies when a user can add or delete users but not read or modify data in a database?

The concept of least privilege is relevant in this scenario because it emphasizes granting users the minimum levels of access—or permissions—necessary to perform their job functions. In this case, allowing a user to add or delete users without permitting them to read or modify data means imposing limits on the user's capabilities, thereby adhering to the least privilege principle.

This approach helps to minimize potential security risks by reducing the attack surface. By limiting what a user can do, even if their account is compromised, the potential damage is restricted since they do not have access to sensitive data. It supports the idea that each user should only have as much access as they need to complete their tasks, enhancing overall security within the database environment while also safeguarding the integrity and confidentiality of the data stored.

In contrast, the other concepts refer to broader security strategies or principles not focused specifically on access control per user.