Abstract: A scheme for studying the safety issues of privilege in systems is introduced. Because privilege has the particular ability to transition a system between security states, analyzing and protecting it is difficult, and techniques used in traditional access control should not be copied to this field. For this reason, the features of privilege are first inspected by discussing its origin using access control space theory. The rules defined for a system can then be divided into two categories, constraint rules and execution rules, which describe the restrictions on and the effect of an authorization, respectively. Furthermore, a special authorization relation between different privilege operations, together with its properties, is investigated by deduction against the rules' logical patterns. A quick algorithm for constructing the authorization deduction graph is also provided. Based on it, the common safety issue of implicit authorization is reviewed, along with the possibility of its being abused. Finally, this paper formalizes the capability mechanism defined by the POSIX (portable operating system interface) standard and constructs an ADG (authorization deduction graph) for it. The design is revised with countermeasures against privilege abuse so that it remains consistent with the principle of least privilege.