The ACM can be stored as a set of rows where each row, called a capability list (C-list), is maintained by the relevant subject. Alternatively, the ACM can be stored as a set of columns where each column, called an access control list (ACL), is maintained by the relevant object.
The time to add, remove, or verify rights is linear with respect to the length of the list.
This time can be reduced by combining subjects with the same rights into a single group.
Example:
ACL = ((i, rijk), (j, rijk), (k, rijk), (m, rmn), (n, rmn)) becomes
ACL = ((groupijk, rijk), (groupmn, rmn)), groupijk = (i, j, k), groupmn = (m, n)
The time could also be reduced by caching portions of the list. This approach, however, would have to insure cache consistency.
A subject's access to a file may be restricted by the directories that contain the file.
Example 1: