Tags

authorization permissions access-control rbac

Answers (1)

Accepted Answer
September 26, 2025 Score: 10 Rep: 220,789 Quality: Expert Completeness: 30%

Scenario A is just ACL. The permission table is the access control list.

Scenario B is RBAC, just as you suspected. As an exercise for you, think about extending your example for users belonging to more than one role, or roles granting access to more than one access point - for example, shouldn't each creator also have reader's permissions?

In a policy-based scenario, access control might be granted or denied by dynamic properties. For example, let's say user A can gain a score over time, or lose some of the score points (like the reputation score on the SE sites). Imagine a policy which says "/create works only for users with a score of more than 1000 points". That would be a typical PBAC scenario.

Note an access control system can provide PBAC, ACL and RBAC simultaneously; this is not necessarily an "either - or" decision. In a system which grants certain permissions on policies (or roles, or both), there can always be a policy which says "after all other policies have been evaluated, grant additional access rights according to a specific permission table", for example.
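
The three models from the answer combined in one decision function, as an added example that is not part of the original answer. Only `/create` and the 1000-point threshold come from the answer; the role names, the other paths, the user names and the evaluation order (role grant gated by the score policy, then the permission table, then deny) are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data. Only "/create" and the 1000-point threshold come
# from the answer; every other name and path is an assumption.
ROLE_GRANTS = {"reader": {"/read"}, "creator": {"/create"}}
ROLE_IMPLIES = {"creator": {"reader"}}      # each creator also reads
PERMISSION_TABLE = {("carol", "/audit")}    # per-user ACL entries
MIN_CREATE_SCORE = 1000

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    score: int = 0

def effective_roles(roles):
    """Expand a user's roles through ROLE_IMPLIES (transitively)."""
    seen, todo = set(), list(roles)
    while todo:
        role = todo.pop()
        if role not in seen:
            seen.add(role)
            todo.extend(ROLE_IMPLIES.get(role, ()))
    return seen

def policy_permits(user, path):
    """PBAC: decision depends on a dynamic attribute, not a stored grant."""
    if path == "/create":
        return user.score > MIN_CREATE_SCORE   # "more than 1000 points"
    return True                                # no policy on other paths

def decide(user, path):
    """Return (allowed, reason). Assumed order: role grant gated by policy,
    then the permission table as additional grants, then deny by default."""
    has_role = any(path in ROLE_GRANTS.get(r, ())
                   for r in effective_roles(user.roles))
    if has_role and policy_permits(user, path):
        return True, "rbac"
    if (user.name, path) in PERMISSION_TABLE:
        return True, "acl"
    return False, "policy" if has_role else "default-deny"

alice = User("alice", {"creator"}, score=1500)
bob = User("bob", {"creator"}, score=1000)   # exactly 1000 is not enough
carol = User("carol", {"reader"}, score=5000)
```

With this ordering a permission-table entry is checked after the policy and is not gated by it, so an entry for a policy-gated path such as `/create` would grant access regardless of score.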