It is mainly used in access control mechanisms for distributed systems.
A subject may be a process or a user that makes a request to access a resource.
The model has eight basic protection rules (actions) that outline: Moreover, each object has an owner that has special rights on it, and each subject has another subject (controller) that has special rights on it.
Each rule is associated with a precondition, for example if subject x wants to delete object o, it must be its owner (A[x,o] contains the 'owner' right).
Harrison-Ruzzo-Ullman extended this model by defining a system of protection based on commands made of primitive operations and conditions.