Lesson 5: Access Control
Objective: Control access to your network and improve security.
Whenever limits are placed on individuals or systems to access only what they are supposed to, you are engaging in access
control.
Access control list (ACL)
Your network's internal mechanisms ensure that each user and system can access only what the security policy allows. At the system level, the two ways to implement control are access control lists and execution control lists.
An ACL is a list of the entities that can access the resource, such as users, servers, programs, or applets, and their access levels,
such as read-only, write-only, read-write, delete, create, access, or other actions. If one of these entities attempts to perform an
operation beyond its authorized level of access, the operating system will raise an exception or error notification. For example,
each user or group is assigned an access level in an ACL specifying the operations that each user or group may perform on the
database and the documents it contains. An authorized user must still pass the ACL test to gain access to a database.
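The following is an added example, not code from the lesson: a small ACL evaluator that models what the paragraph above describes. Users and groups are granted access levels on a database, the documents inside it inherit the database's ACL unless they carry their own entry, and an operation beyond the entity's access level raises an exception. The database name, document names, users and groups are constructed for the example.

```python
"""Added example: a minimal ACL evaluator in the sense the lesson describes
(users and groups with access levels on a database and its documents).
Not the lesson's own code; resource, user and group names are constructed."""
from enum import Flag, auto


class Access(Flag):
    """Access levels named in the lesson; combine with | for read-write and so on."""
    NONE = 0
    READ = auto()
    WRITE = auto()
    DELETE = auto()
    CREATE = auto()
    READ_WRITE = READ | WRITE


class AccessDenied(PermissionError):
    """Raised when an entity attempts an operation beyond its authorized level."""


class AccessControlList:
    """Maps each resource to the entities (users or groups) and their access levels.

    Resolution order: the nearest resource entry (a document, else the database
    containing it) is used; within it an explicit user entry wins, otherwise the
    union of the levels granted to the user's groups; otherwise no access at all
    (default deny).
    """

    def __init__(self, group_membership):
        self._acl = {}                     # resource -> {entity: Access}
        self._groups = group_membership    # user -> set of group names

    def grant(self, resource, entity, level):
        self._acl.setdefault(resource, {})[entity] = level

    def _entries_for(self, resource):
        # Documents inherit the ACL of the database that contains them unless
        # they have their own entry; the nearest entry replaces, it does not merge.
        while resource:
            if resource in self._acl:
                return self._acl[resource]
            resource = resource.rpartition("/")[0]
        return {}

    def effective_access(self, resource, user):
        entries = self._entries_for(resource)
        if user in entries:
            return entries[user]
        level = Access.NONE
        for group in self._groups.get(user, ()):
            level |= entries.get(group, Access.NONE)
        return level

    def check(self, resource, user, operation):
        """Return True when allowed; raise AccessDenied otherwise."""
        if operation in self.effective_access(resource, user):
            return True
        raise AccessDenied(f"{user} may not {operation.name} {resource}")

    def is_allowed(self, resource, user, operation):
        try:
            return self.check(resource, user, operation)
        except AccessDenied:
            return False


def build_sample_acl():
    """Constructed sample: a 'sales' database with one restricted document inside it."""
    acl = AccessControlList(group_membership={
        "alice": {"editors"}, "bob": {"readers"}, "carol": set()})
    acl.grant("sales", "editors", Access.READ_WRITE | Access.CREATE)
    acl.grant("sales", "readers", Access.READ)
    # Explicit per-user entry on one document overrides the inherited group level
    acl.grant("sales/forecast", "alice", Access.READ)
    return acl


if __name__ == "__main__":
    acl = build_sample_acl()
    for user, op in (("alice", Access.WRITE), ("bob", Access.WRITE), ("carol", Access.READ)):
        print(user, op.name, "sales ->", acl.is_allowed("sales", user, op))
```

Note that `carol` belongs to no group and has no user entry, so every check fails: an entity absent from the ACL gets nothing, which is the default-deny behaviour the lesson's "must still pass the ACL test" wording implies.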
Execution control list (ECL)
An ECL allows the operating system to limit a program's activity. Traditionally, the operations of a program have been predetermined by its creators, and could not be modified or limited in any significant way. With an ECL you can determine which of the program's activities are appropriate, and which are not. In essence, you can exert operating system-level control over a single application. For example, an ECL can minimize the threat of a malicious program, further direct the activity of Java applets, and stop trojan horses. It can forbid the transmission of certain data and alert you to the unauthorized transmission attempt. Eventually, software vendors will begin shipping ECLs, allowing any user to determine the program's parameters.
Trojan (trojan horse): A file or program that purports to operate in a legitimate way, but which also has an alternative, secret operation, such as emailing sensitive company information to a hacker. A trojan horse is a specific program that destroys information on a hard drive.
Access Control Mechanisms
Access control mechanisms are essential when securing servers. You must define what users can access on servers, services, and
daemons. A hacker can defeat even the most sophisticated operating system with the latest ACL and ECL methods if the administrator
uses default settings.
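The following is an added example, not code from the lesson: a toy execution control list that restricts which operations a single program may perform, forbids transmitting data carrying a given label, and records an alert on each blocked attempt, as the ECL section describes. It places the permissive default (every program may do everything, the "default settings" the paragraph above warns about) beside a hardened, default-deny configuration and runs the same constructed sequence of program requests through both. Program names, operation names and data labels are constructed for the example.

```python
"""Added example: a toy execution control list (ECL) in the sense the lesson
describes: an OS-level allow-list of the operations one program may perform,
which can also forbid transmitting certain data and raise an alert.
Not the lesson's own code; programs, operations and data labels are constructed."""
from dataclasses import dataclass, field

# Constructed vocabulary of operations a program could request
ALL_OPERATIONS = frozenset({"read_file", "write_file", "send_network", "send_email", "exec"})
TRANSMIT_OPERATIONS = frozenset({"send_network", "send_email"})


@dataclass
class EclEntry:
    allowed: frozenset                           # operations the program may perform
    transmit_forbidden: frozenset = frozenset()  # data labels it may never transmit


@dataclass
class ExecutionControlList:
    entries: dict        # program name -> EclEntry
    default: EclEntry    # applied to any program without its own entry
    alerts: list = field(default_factory=list)

    def decide(self, program, operation, data_label=None):
        """Return True if the program may perform the operation; otherwise
        record an alert (the unauthorized attempt the lesson mentions) and return False."""
        entry = self.entries.get(program, self.default)
        if operation not in entry.allowed:
            self.alerts.append(f"{program}: blocked {operation}")
            return False
        if operation in TRANSMIT_OPERATIONS and data_label in entry.transmit_forbidden:
            self.alerts.append(f"{program}: blocked transmission of {data_label} data via {operation}")
            return False
        return True


def default_ecl():
    """Weak setting: out of the box, every program may perform every operation."""
    return ExecutionControlList(entries={}, default=EclEntry(allowed=ALL_OPERATIONS))


def hardened_ecl():
    """Corrected setting: default deny; each program gets only what it needs."""
    return ExecutionControlList(
        entries={
            "report_viewer": EclEntry(allowed=frozenset({"read_file"})),
            "mail_client": EclEntry(
                allowed=frozenset({"read_file", "write_file", "send_email"}),
                transmit_forbidden=frozenset({"confidential"})),
        },
        default=EclEntry(allowed=frozenset()),
    )


def run_scenario(ecl):
    """Constructed sequence of requests; returns the decision for each one."""
    requests = [
        ("report_viewer", "read_file", None),
        # a viewer attempting to send data out: the kind of hidden behaviour the
        # lesson attributes to a trojan horse
        ("report_viewer", "send_network", "confidential"),
        ("mail_client", "send_email", "public"),
        ("mail_client", "send_email", "confidential"),
        ("unknown_applet", "exec", None),  # no entry: falls back to the default
    ]
    return [ecl.decide(program, op, label) for program, op, label in requests]


if __name__ == "__main__":
    for name, ecl in (("default", default_ecl()), ("hardened", hardened_ecl())):
        print(name, run_scenario(ecl), ecl.alerts)
```

With the default configuration all five requests succeed and nothing is logged; with the hardened one only the two legitimate requests succeed and each blocked attempt leaves an alert behind, which is what makes the unauthorized transmission attempt visible to the administrator.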