Explain how access control lists might be implemented.

What will be an ideal response?

A capability table specifies the subjects and objects that users or groups can access; in some systems, capability tables are called user profiles or user policies. These specifications frequently take the form of complex matrices, rather than simple lists or tables. The access control matrix combines capability tables and ACLs, so that organizational assets are listed along the vertical axis while users are listed along the horizontal axis. The resulting matrix contains ACLs in columns for a particular device or asset, while a row contains the capability table for a particular user.