An access control matrix is a list of objects along with the permissions granted for each object. You can think of an access control matrix as a group of ACLs. Each ACL represents a single object and lists all the permissions for that object.

A capability table is a list of subjects, along with the capabilities granted to the subjects. These capabilities include rights and permissions. For example, a capability table can list several groups such as Project Managers, Project Team Leads, and Project Members. It then lists the rights and permissions granted to each of these groups.