Access control is the mechanism by which an operating system
controls who gets access to what. For example, access control can
prevent user Bob from messing with files owned by user Dan, and
visa-versa.
At the highest level, there are two different kinds of access
control. The more common kind is Discretionary Access Control, or
DAC. With DAC, there is a certain person (or persons) to whom the
access control simply doesn't apply; they can do anything.
This person is known as root/superuser on UNIX, Administrator on
NT, and various other names. If an attacker manages to get access
to this person's account (the machine has been rooted), then
it's game over.
The other type of access control is Mandatory Access Control, or
MAC. With MAC, there isn't anything on the computer that has
complete access to anything. Not only does this make things
harder on external attackers, it also allows the job of the
administrator/superuser to be split up among several people, making
it harder for any single person on the inside to compromise
security.