A security policy is a statement that partitions the states of a system into a set of authorized and a set of unauthorized states, that is, the state of secure states or non-secure states.

Let us take an example of three states during the permission granting process for posting a document inside the Microsoft Dynamics NAV system, where state 1 (S1) and state 2 (S2) are secure states, whereas state 3 (S3) is an unsecure state. This is depicted in the following diagram:

Secure and non-secure state example in Microsoft Dynamics NAV

In Microsoft Dynamics NAV, let us assume a condition where, for a posting process, a process requires permission ...