A memory management and protection mechanism in which access to protected entitites is controlled. The protected entities are represented by descriptors. Each protected entity is accessed via a selector which comprises an index integer assigned to the descriptor at the time of its creation. Tasks are active entities which may perform accesses and therefore are subject to control. A task has certain access rights. Each protected entity is assigned a specific privilege level. Each task within the system operates at one and only one privilege level at any instant in time. Protected entities which reside at a privilege level which is equal or less privileged than the current privilege level (CPL) of the task are generally accessible. The effective privilege level (EPL) of an access to a protected entity is defined as the numeric maximum of the CPL and the requested privilege level (RPL) present in the selector pointing to the memory segment to be accessed. An access is permitted if and only if the EPL is numerically less than or equal to the descriptor privilege level (DPL), assigned to the protected entity.