Security policies
A security policy serves as a collection of security templates,
each of which contains a predefined list of permissions, or Access
Control Entries, that can be configured to apply to a document, custom
object, or folder.
Except where specifically mentioned, this topic describes the association of security policies with documents and document classes. To fully understand this topic, you should be familiar with document versioning and the versioning states Released, In Process, Reservation, and Superseded.
Remember: Security policies are just one way to apply
ACEs to an object's ACL. The other sources are the object's class,
a security parent, direct edits to the
object's security, and by programmatically setting the object's
access rights.