present Non-Colliding Path Authorisation (NCPA),a lightweight authorisation protocol in which access rights are encoded as single-use, ordered paths through a system graph. Each authorization must be exercised sequentially, without replay, andwithout colliding with other concurrent authorizations. To ensure liveness, paths are allocated within bounded epochs, allowingsafe reclamation of exhausted resources. Unlike traditional access control systems that rely on centralised locks or cryptographic capabilities, NCPA enforces safety properties through structural constraints and explicit state transitions. I provide an executable specification of the protocol and validate its security properties using property-based testing. Our results demonstrate that NCPA prevents replay, skipping, impersonation, and collisions, while guaranteeing bounded exhaustion and epoch-based recovery.