ACS Documentation : Kernel Overview : ACS Permissions Documentation
The ACS 4 Permissions system builds on the Object Model to generalize the scoping and general permissions mechanisms in ACS 3.x. In the Permissions system, object contexts replace scope, and a data model and API supporting a hierarchy of permissions on objects replaces the "flat" data model in general permissions.