Protection Mechanisms
First, some terminology:
objects
The things to which we wish to control access. They include physical (hardware) objects as well as software objects such as files, databases, semaphores, or processes. As in object-oriented programming, each object has a type and supports certain operations as defined by its type. In simple protection systems, the set of operations is quite limited: read, write, and perhaps execute, append, and a few others. Fancier protection systems support a wider variety of types and operations, perhaps allowing new types and operations to be dynamically defined.
principals
Intuitively, “users”: the ones who do things to objects. Principals might be individual persons, groups or projects, or roles, such as “administrator.” Often each process is associated with a particular principal, the owner of the process.
rights
Permissions to invoke operations. Each right is the permission for a particular principal to perform a particular operation on a particular object. For example, principal Solomon might have read rights for a particular file object.
domains
Sets of rights. Domains may overlap. Domains are a form of indirection, making it easier to make wholesale changes to the access environment of a process. There may be three levels of indirection: A principal owns a particular process, which is in a particular domain, which contains a set of rights, such as the right to modify a particular file.
Conceptually, the protection state of a system is defined by an access matrix. The rows correspond to principals (or domains), the columns correspond to objects, and each cell is a set of rights. For example, if
access[solomon]["/tmp/foo"] = { read, write }
then I have read and write access to file “/tmp/foo”. I say “conceptually” because the access matrix is never actually stored anywhere. It is very large and has a great deal of redundancy (for example, my rights to a vast number of objects are exactly the same: none!), so there are much more compact ways to represent it. The access information is represented in one of two ways: by columns, which are called access control lists (ACLs), or by rows, called capability lists.
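The following is an added example, not part of the original notes: a small Python model of the access matrix described above, stored sparsely (only the non-empty cells), together with the two compact representations, the column view (one ACL per object) and the row view (one capability list per principal), plus the domain indirection from the terminology section. The principals, object names, domains and process ids are constructed sample data; the point is that every authorization decision gives the same answer whichever representation the system actually stores.

```python
"""Access matrix, ACLs, capability lists and domains: one protection state, three views.

Added example (not from the original notes). All principals, objects, domains
and process ids below are constructed sample data.
"""
from collections import defaultdict

# The conceptual access matrix, kept sparsely: a cell that is absent means
# the empty set of rights (the common case, hence the redundancy noted above).
# ACCESS[principal][object] = set of rights
ACCESS = {
    "solomon": {"/tmp/foo": {"read", "write"}, "/etc/passwd": {"read"}},
    "alice": {"/tmp/foo": {"read"}, "/home/alice/notes": {"read", "write", "append"}},
}


def to_acls(access):
    """Column view: ACLS[object][principal] = rights. Stored with each object."""
    acls = defaultdict(dict)
    for principal, row in access.items():
        for obj, rights in row.items():
            acls[obj][principal] = set(rights)
    return dict(acls)


def to_capabilities(access):
    """Row view: CAPS[principal][object] = rights. Stored with each principal
    (or handed to its processes as capabilities)."""
    return {p: {o: set(r) for o, r in row.items()} for p, row in access.items()}


def allowed_acl(acls, principal, obj, op):
    """ACL check: start from the object, look for the principal's entry."""
    return op in acls.get(obj, {}).get(principal, set())


def allowed_cap(caps, principal, obj, op):
    """Capability check: start from the principal, look for a capability naming the object."""
    return op in caps.get(principal, {}).get(obj, set())


def views_agree(access, ops=("read", "write", "append", "execute")):
    """Confirm that both representations answer identically for every
    (principal, object, operation) triple, including cells the sparse
    matrix does not store (the default-deny cells)."""
    acls, caps = to_acls(access), to_capabilities(access)
    principals = list(access)
    objects = sorted({o for row in access.values() for o in row})
    return all(
        allowed_acl(acls, p, o, op) == allowed_cap(caps, p, o, op)
        for p in principals for o in objects for op in ops
    )


# Domains as a level of indirection: a process runs in a domain and the domain
# carries the rights, so one change to a domain re-scopes every process in it.
DOMAINS = {
    "editor": {"/tmp/foo": {"read", "write"}},
    "viewer": {"/tmp/foo": {"read"}},
}
PROCESSES = {  # pid -> (owning principal, current domain); constructed sample data
    101: ("solomon", "editor"),
    102: ("alice", "viewer"),
}


def process_allowed(pid, obj, op):
    """Three levels of indirection: principal -> process -> domain -> rights."""
    _owner, domain = PROCESSES[pid]
    return op in DOMAINS.get(domain, {}).get(obj, set())


if __name__ == "__main__":
    acls, caps = to_acls(ACCESS), to_capabilities(ACCESS)
    print("ACL for /tmp/foo:", acls["/tmp/foo"])
    print("capabilities of solomon:", caps["solomon"])
    print("views agree:", views_agree(ACCESS))
    print("pid 102 may write /tmp/foo:", process_allowed(102, "/tmp/foo", "write"))
```

The two `allowed_*` functions differ only in which key is consulted first; that lookup order is exactly the practical difference between the representations (an ACL system can cheaply answer "who can access this object?", a capability system can cheaply answer "what can this principal access?"), while the decision itself is identical because both are views of the same matrix.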
