The tasks and examples in this section assign privileges to executables and system resources. Typically, you assign a privilege to an executable to enable a trusted user to run that executable. In Assigning Rights to Applications and Scripts, the privilege assignment enables the application or script to be run by a trusted user in a profile shell. In Locking Down Resources by Using Extended Privileges, extended privilege policy limits a user ID, port, or file object, to a smaller set of privileges than the default effective set. Privileges that are unspecified are denied to that user's process, port, or object. Such an assignment approximates least privilege policy.