An ACL works by having a list of authenticated users within the devices operating system to compare the current login information with users on the list. This is to verify the permissions of the current user when they try accessing different objects on the device, i.e files and directories. If the operating system fails to find the current user in the ACL list, it will promptly deny them access to secured objects.
Filesystem ACLs are the instructions to the operating system on which users are authorised to certain objects on the device as well as what privileges they have while accessing said objects.
Networking ACLs provide guidance to the routers on what internet traffic can come in and out of the network. Additionally, they provide the privileges and authentication to what users have access to on the network.