Associated with a controlled object. Determines if an operation invoked on a controlled object should be allowed based on the subject (user) invoking the operation.
