Authorization security policy is the primary factor that determines access privileges for user accounts. Authorization security policy is the function of specifying access rights or privileges to resources, which is related to general information security and computer security, and to access control in particular1. Authorization security policy defines who can access what resources, under what conditions, and for what purposes. Authorization security policy should be aligned with the business objectives and security requirements of the organization, and should be enforced by appropriate mechanisms and controls. Authorization security policy should also be reviewed and updated regularly to reflect changes in the environment, threats, and risks2. Authorization security policy is an essential part of the ISA/IEC 62443 standard, which provides a framework for securing industrial automation and control systems (IACS). The standard defines four security levels (SL) that represent the degree of protection against threats, and specifies the security capabilities that should be implemented for each SL. The standard also provides guidance on how to conduct a security risk assessment, how to define security zones and conduits, and how to apply security policies and procedures to the IACS environment34 . References: https://bing.com/search?q=authorization+security+policy

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-7.0