The principle of least privilege dictates that any user should only have the relevant amount of access necessary to complete their task. Following the principle of least privilege is considered best security practice as it minimizes the damage that one user can do, either intentionally, unintentionally, or because their account was compromised. By splitting the access out into various groups/roles, and only assigning users to the groups/roles they have a reason to be a part of, this principle can be maintained. Having a user, role, or group with full administrative access defeats this principle.