1. Content Based Entitlements (CBE)
CBE uses DACS lock to control the permission.Normally, the application gets DACS lock from the refresh message of the subscribed item. Then, the application must pass this DACS lock as a parameter (lockData) to Authorization::checkSubscription() method.
2. Subject Based Entitlements (SBE)
SBE uses the subject names to control the permission. For this reason, DACS lock isn't required by SBE.
For more information, please refer to this question.