Joomla 1.5 version had very limited (close to none) flexibility in defining what content can be seen by which group of users. It had 8 fixed user groups - Public, Registered, Author, Editor, Publisher, Manager, Administrator, and Super Administrator. You could assign a user to only one group.
In Joomla 1.5 versions, there were 3 fixed access level - Public, Registered, and Special. Relationship between groups and access levels was fixed.
But with Joomla 2.5 and newer versions, ACL has been made much more flexible in every case. There can be unlimited Groups and Access Levels, with the ability to assign one user to multiple groups and any groups to any Access Level.
The first step is to define the User Groups. User Groups automatically inherit the the Access Levels of the parent group. For example, Author Group (child) inherits access levels of Editor Group (parent). So, the Editor will have all the permissions of that of registered user, plus some of its own permissions.
The second step is to create Access Levels. You have to assign each access level to one or more User Groups created in the first step.
Now you can assign Joomla items (articles, menus, modules) to one Access Level.
Access Levels act as a bridge between the Joomla items and user groups. Any time a user is about to view an item on a Joomla page, the Joomla program creates a list of all the Access Levels that the user (User Groups user is assigned to) has access to. Then it checks whether the Access Level of the item is on that list. If yes, then the item is displayed to the user.
Permissions are assigned to the User Groups.
Site -> Global Configuration -> Permissions