lammert - 7:54 pm on Apr 4, 2008 (gmt 0)

I would say that an environment where you lock down user rights to the minimum needed for their task is called "protected".

Back in the early days of the 8086, every MS-DOS application could write in every memory location. To prevent this, the 80286 processor was given logic to provide access to certain memory locations to some applications but not to others. Applications using these logic were called to run in "protected mode". It gives applications access to their own resources, but not beyond the assigned rights. That is exactly the same as in your situation.

In a protected environment, even if the software application/user goes mad, it won't touch the integrity of the system because the integrity is controlled at an higher level than where the application/user has control rights to.