A system and method for authorizing access to a controlled entity by a user. A set of user privileges is provided for user; and a content manager intersects an access control list (ACL) and the set of user privileges to authorize access. Binding level control indicia selectively binds an access control list (ACL) to the controlled entity at item type, item, mixed, or library binding level. An item type comprises one or more component items with each component item having one or more item views which together form an item type view. A content manager is responsive to the binding level to perform ACL checking for authorizing access to the controlled entity by the user.