I'm glad it is helpful, Nick.

Each item may have unique permission requirements, so assessing which ACL structure is best for each is important. Having separation between permissions for two items also means you can enhance one without the concern of breaking another, for those reasons I would probably use two separate tables, (or an ACL column if it makes more sense), despite the duplicate code that may result.

It's a bit heavy, but a one-to-one relationship between item and permission tables ensures access control logic can grow unimpeded. Plus, you get the added benefit of relying on foreign keys everywhere, which is ideal.