10-16-2024 01:31 AM
Hello,
I am confused about the execution order of ACL.
I found two contradictory blueprints of execution order.
1. in this youtube video : https://www.youtube.com/watch?v=_-C6NqyUiy0
Here we can see it is mentioned that a user must pass table then field:
2. in ServiceNow docs : https://docs.servicenow.com/bundle/xanadu-platform-security/page/administer/contextual-security/conc...
Below we can see the opposite:
Can anyone help, please?
Thank you.
Regards,
Mahdi SAIDANE.
10-16-2024 02:24 AM - edited 10-16-2024 02:40 AM
I can see why you are confused by the sources stated above: they are both correct from 'a certain point of view', and it's not just you, everyone in the ServiceNow world has to go through this rite of passage 😀 Hopefully this clears things up a bit. You need to think of this in two ways:
1. Conceptually
Now even though the more general table-level permissions are in reality checked first, access to a specific object such as a field is granted only after passing through the more specific field-level checks. So access to the specific object (fields) is determined only after the general permissions (table) are cleared.
Think of this as a locked house: if you don't have the door key to the house, you cannot access the key to the safe in the bedroom of that house.
2. Operationally (what actually happens)
The ACLs are checked in a sequence where the table-level (most general) permissions are actually assessed first, followed by the field-level (most specific) permissions. This is the operational order of the processing that is carried out to determine access. For example, as each record is accessed from the table, row-based rules are determined first. So if a record-level write rule returns false, then all fields on that row will be read-only.
Importantly, a user only has to pass one ACL at the table level to have access to the table, and one to have access to an object (row, field).
In the ACLs themselves the evaluation order is:
1. Roles
2. Condition
3. Script
Regards
Paul
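To make the two orderings in the answer above concrete, here is a small model of the evaluation sequence it describes: table-level ACLs are assessed before field-level ones, a record-level failure makes every field inaccessible, the user only has to pass one ACL at a given level, and inside a single ACL the checks run roles, then condition, then script. This is an added example, not code from the original post and not ServiceNow's real security engine; the ACL names, users and incident records are constructed for the illustration, and fields with no ACL of their own simply inherit the table decision (a simplification of this model, not a statement about the platform).

```javascript
// Added example: a model of the ACL evaluation order discussed above.
// Illustrative only; not ServiceNow's engine. All data below is constructed.

// One ACL rule is checked in the order roles -> condition -> script.
// Every check must pass, and evaluation stops at the first failure.
function aclPasses(acl, user, row, trace) {
  if (acl.roles.length > 0 && !acl.roles.some((r) => user.roles.includes(r))) {
    trace.push(`${acl.name}: roles failed`);
    return false;
  }
  if (acl.condition && !acl.condition(row)) {
    trace.push(`${acl.name}: condition failed`);
    return false;
  }
  if (acl.script && !acl.script(user, row)) {
    trace.push(`${acl.name}: script failed`);
    return false;
  }
  trace.push(`${acl.name}: passed`);
  return true;
}

// At a given level the user only has to pass one of the matching ACLs.
function anyPasses(acls, user, row, trace) {
  return acls.some((acl) => aclPasses(acl, user, row, trace));
}

// Operational order: table-level (record) ACLs first; field-level ACLs are
// consulted only when the record check passed, so a record-level failure
// makes every field inaccessible for that operation. Fields without an ACL
// of their own inherit the table decision (simplification of this model).
function evaluateAccess(operation, table, fields, acls, user, row) {
  const trace = [];
  const tableAcls = acls.filter((a) => a.operation === operation && a.target === table);
  const tableOk = anyPasses(tableAcls, user, row, trace);
  const result = { table: tableOk, fields: {}, trace };
  for (const field of fields) {
    if (!tableOk) {
      result.fields[field] = false; // field-level check is never reached
      continue;
    }
    const fieldAcls = acls.filter(
      (a) => a.operation === operation && a.target === `${table}.${field}`
    );
    result.fields[field] = fieldAcls.length === 0 ? true : anyPasses(fieldAcls, user, row, trace);
  }
  return result;
}

// Constructed ACLs (hypothetical names, loosely modelled on an incident table).
const ACLS = [
  { name: 'incident write (admin)', operation: 'write', target: 'incident',
    roles: ['admin'], condition: null, script: null },
  { name: 'incident write (itil)', operation: 'write', target: 'incident',
    roles: ['itil'], condition: (row) => row.state !== 'closed', script: null },
  { name: 'incident.priority write', operation: 'write', target: 'incident.priority',
    roles: ['itil'], condition: null, script: (user, row) => row.assigned_to === user.name },
  { name: 'incident.assigned_to write', operation: 'write', target: 'incident.assigned_to',
    roles: ['itil_admin'], condition: null, script: null },
];

const FIELDS = ['short_description', 'priority', 'assigned_to'];

// Convenience wrapper used by the scenarios below.
function canWrite(user, row) {
  return evaluateAccess('write', 'incident', FIELDS, ACLS, user, row);
}

// Constructed users and records.
const ITIL_USER = { name: 'abel.tuter', roles: ['itil'] };
const ADMIN_USER = { name: 'admin', roles: ['admin', 'itil', 'itil_admin'] };
const OPEN_INCIDENT = { number: 'INC0010001', state: 'open', assigned_to: 'abel.tuter' };
const CLOSED_INCIDENT = { number: 'INC0010002', state: 'closed', assigned_to: 'abel.tuter' };

if (typeof require !== 'undefined' && require.main === module) {
  const scenarios = [[ITIL_USER, OPEN_INCIDENT], [ITIL_USER, CLOSED_INCIDENT], [ADMIN_USER, CLOSED_INCIDENT]];
  for (const [user, row] of scenarios) {
    const r = canWrite(user, row);
    console.log(`${user.name} write ${row.number}: table=${r.table} fields=${JSON.stringify(r.fields)}`);
    console.log('  ' + r.trace.join('\n  '));
  }
}
```

Running the three scenarios shows each point from the answer: the itil user on the open incident passes the table check via the second table ACL (the admin one fails on roles and is simply skipped), writes priority, and is blocked on assigned_to at the role step; on the closed incident the table-level condition fails, so no field ACL is ever evaluated and every field is read-only; the admin user passes the table level on the first ACL, then loses priority only at the script step because the record is assigned to someone else.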