Systemic security strategy is described by security query in administrative model of role-based access control (RBAC). According to the definition of state-transition system, security analysis is defined and executed on Turing machine. Security query is classified by necessity and possibility. As a result, necessary security query and possible security query independent of status can be resolved in polynomial time, and the conditions under which possible security query is NP-complete problem are presented, but general possible security query is un-decidable.