The set of rights can be broken into two subsets : where is the set of capabilities and is the set of permissions that can be given to a file, for each possible uid. Let be the set of available uids plus a special element that will mean that the uid check is not needed. Let be the set of capabilities seen in section . Let be the set of file accesses.
We can write and . Thus an insight of could be the union of the two following tables where each row is an element of . Let's have a very reduced disk with three files : //bin//bin/vi, and (no uid test, id=root and first user).