<authorizationPolicy id="doc" currentState="New">

	<!--
		Authorization policy for the "doc" document workflow. It declares roles,
		states, actions and properties, then lists which role may run which action
		(actionRule) and which role is granted which property (propertyRule) in
		which state. currentState on the root element refers to the "New" state
		declared below.
		NOTE(review): the engine that evaluates this file is not shown here.
		Confirm that any combination without a matching rule is denied by default;
		every note below assumes so.
	-->

	<!-- Defined document-specific roles -->
	<!--
		Both roles are resolved from Windows built-in local groups.
		NOTE(review): BUILTIN\Users is a very broad group, so on most hosts almost
		any account that can log on would count as an Author. Members of
		BUILTIN\Administrators commonly hold BUILTIN\Users as well, which would let
		one account author, send, review and approve the same document. If
		separation of duties matters, map each role to a dedicated group and confirm
		how the engine treats a caller holding both roles.
	-->
	
	<role id="Author" type="windows" windowsGroupName="BUILTIN\Users"/>
	<role id="Reviewer" type="windows" windowsGroupName="BUILTIN\Administrators" />
	
	<!-- Defined document states -->
	<!--
		Unlike the other states, "Deleted" carries no name attribute.
		TODO confirm that name is optional for the policy loader.
	-->
	
	<state id="New" name="The document is new (not in the database yet)" />
	<state id="Authoring" name="The document is being authored." />
	<state id="Sent" name="The document has been sent for approval." />
	<state id="Reviewing" name="The document is being reviewed." />
	<state id="Accepted" name="The document has been approved." />
	<state id="Rejected" name="The document has been rejected." />
	<state id="Deleted" />
	
	<!-- Defined actions -->
	<!--
		Rules reference actions by id. Note that the action with id "Accept" has the
		name "Approve", so the two labels differ for that action only.
	-->
	
	<action id="Update" name="Update" description="Update document" />
	<action id="Send" name="Send" description="Send the document to approval" />
	<action id="Review" name="Review" description="Start reviewing the document" />
	<action id="Accept" name="Approve" description="Approve the document" />
	<action id="Reject" name="Reject" description="Reject the document" />
	<action id="Delete" name="Delete" description="Remove the document permanently" />
	
	<!-- Defined properties -->
	
	<property id="Title" />
	<property id="Content" />
	
	<!-- Action authorization rules for the Author role -->
	<!--
		Each rule names an action, the role allowed to run it, the state in which it
		applies, and the targetState (presumably the state the document moves to;
		verify against the engine).
		Author path: New to Authoring, Authoring to Authoring, Authoring to Sent.
		Delete is listed only for the Rejected and Accepted states.
		NOTE(review): the Author role alone can permanently remove an Accepted
		document, with no Reviewer step. Confirm this is intended and that the
		deletion of approved documents is logged or otherwise recoverable.
		NOTE(review): no rule returns a Rejected document to Authoring; Delete is
		the only action defined for that state.
	-->

	<actionRule action="Update" role="Author" state="New" targetState="Authoring" />
	<actionRule action="Update" role="Author" state="Authoring" targetState="Authoring" />
	<actionRule action="Send" role="Author" state="Authoring" targetState="Sent" />
	<actionRule action="Delete" role="Author" state="Rejected" targetState="Deleted" />
	<actionRule action="Delete" role="Author" state="Accepted" targetState="Deleted" />
	
	<!-- Action authorization rules for the Reviewer role -->
	<!--
		Reviewer path: Sent to Reviewing, then Reviewing to Accepted or Rejected.
		NOTE(review): nothing in these rules requires the reviewer to be a different
		person from the author of the document; confirm whether the application
		enforces that elsewhere.
	-->
	
	<actionRule action="Review" role="Reviewer" state="Sent" targetState="Reviewing" />
	<actionRule action="Accept" role="Reviewer" state="Reviewing" targetState="Accepted" />
	<actionRule action="Reject" role="Reviewer" state="Reviewing" targetState="Rejected" />
	
	<!-- Property authorization rules (only Author can modify document properties) -->
	<!--
		Title and Content are listed for the Author role in the New and Authoring
		states only. No propertyRule exists for Sent, Reviewing, Accepted, Rejected
		or Deleted, so the properties are presumably locked once the document has
		been sent; this holds only if a missing rule means deny (TODO confirm).
	-->

	<propertyRule property="Title" role="Author" state="New" />
	<propertyRule property="Content" role="Author" state="New" />
	
	<propertyRule property="Content" role="Author" state="Authoring" />
	<propertyRule property="Title" role="Author" state="Authoring" />
	
</authorizationPolicy>
