blacklist - Allow everything that is not forbidden by the ACL rules list
whitelist - Deny everything, that not allowed by the ACL rules list
You can use different repositories for the rules - an array (configuration file), a database (there is an example implementation), or you can add your own.
You can hide files and folders that are not accessible.