System Design: Principle of Least Privilege

What is the Principle of Least Privilege?

  1. Every user, system, and process should have only the minimum set of permissions it needs to do its job, and nothing more. Permissions that are not needed for the job should not be granted "just in case".
  2. Example (user): suppose an analyst only needs to run reports against a database. Under least privilege that analyst's database account gets permission to run read queries (SELECT) and nothing else: no write or delete permission, no permission to change the schema, and no SSH access to the machine running the database. Why is this beneficial? If that analyst's credentials are phished or their laptop is compromised, the attacker inherits exactly those permissions: they can read the data the analyst could read, which is still bad, but they cannot delete, modify, or move the whole database, and they cannot pivot onto the database host. Because a read-only account can still be used to copy data out, it should also be limited to the specific tables the analyst needs and to connections from the analyst's network, not from anywhere.
  3. The same logic applies to systems. Say we have a web server that hosts our website and connects to a database. The web server only needs to send SQL queries to the database, which for MySQL means one outbound TCP connection to port 3306. So the firewall rules between the web server and the rest of the network should allow exactly that: TCP 3306 to the database host, and nothing else (no SSH to other machines, no connections to other internal services). If the web server is compromised and an attacker takes it over, they cannot SSH from it to other machines; all they can do from there is talk SQL to the database, and only as the web application's own database account, which frankly is still bad but is far better than an attacker who can reach everything on the internal network.
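The two examples above can be expressed directly as database privileges. The following is an added example (not from the original page): MySQL statements that create the read-only analyst account from point 2 and a host-pinned account for the web application from point 3. The schema names `reporting` and `shop`, the host addresses, the passwords, and the table names are assumptions for illustration. The firewall rule that limits the web server to TCP 3306 is a network configuration and is not shown here; these statements are the database-side half of the same idea.

```sql
-- Added example: least-privilege MySQL accounts for the two cases above.
-- Names, hosts, and passwords are illustrative assumptions.

-- Point 2: the analyst only runs reports. Create the account so it can only
-- connect from the analytics subnet (assumed 10.0.2.0/24), not from anywhere.
CREATE USER 'analytics'@'10.0.2.%' IDENTIFIED BY 'replace-with-a-strong-password';

-- Grant SELECT only, and only on the reporting schema, not on *.*.
-- No INSERT/UPDATE/DELETE, no DROP/ALTER, and never FILE or SUPER.
GRANT SELECT ON reporting.* TO 'analytics'@'10.0.2.%';

-- Point 3: the web application needs to read and write its own tables,
-- and nothing else. Pin the account to the web server's address (assumed
-- 10.0.1.10) so a stolen password cannot be used from another machine.
CREATE USER 'webapp'@'10.0.1.10' IDENTIFIED BY 'replace-with-a-strong-password';

-- Row-level DML on the application's own schema only. The application does
-- not need DDL (CREATE/DROP/ALTER), so those are deliberately not granted.
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'webapp'@'10.0.1.10';

-- Verify what each account actually holds. Expected output for analytics is
-- two lines: USAGE on *.* and SELECT on `reporting`.*, nothing else.
SHOW GRANTS FOR 'analytics'@'10.0.2.%';
SHOW GRANTS FOR 'webapp'@'10.0.1.10';

-- If a privilege was granted too broadly in the past, take it back explicitly.
-- (This line errors if the grant never existed; that is the desired state.)
REVOKE DELETE ON reporting.* FROM 'analytics'@'10.0.2.%';

-- What the attacker sees after compromising the analyst: connected as
-- 'analytics', this statement works ...
--   SELECT COUNT(*) FROM reporting.orders;
-- ... and this one is refused by the server with
--   ERROR 1142 (42000): DELETE command denied to user 'analytics'@'...'
--   for table 'orders'
--   DELETE FROM reporting.orders;
```

A useful check after any grant change is to log in as the restricted account (not as root) and attempt the operations that should fail, as in the final comments; a privilege audit that only reads `SHOW GRANTS` from the admin side can miss wildcard grants inherited from a broader host pattern such as `'analytics'@'%'`.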