In the same way you can have the access part in one table (or even one database if you want to!) and the actual data in another.
For now private blockchains couldn't convince me good enough that they worth that much attention. A blockchain is a limited database. Indeed, if trustless relationship is needed between multiple entities who will maintain the data integrity, public or shared blockchain is beautiful. But again, maybe it's me, maybe I'm missing a point somewhere.
No, they are valid points. DApps built on public blockchains and decentralised storage networks is a beautiful concept. However, there are problems with DSNs: they don't offer authenticated access controls, afaik (except by controlling who has the file id and decryption keys, which cannot be revoked); data can't be deleted; data can't be easily analysed; they don't help companies that store different parts of customer data in different tools (e.g. salesforce for sales data, mysql for the core product, etc). This limits the use cases for DApps built on DSNs, it seems to me.
I guess the question is, is there value in having the access controls deployed on, say, Ethereum while the data is held on a private trusted server? The vision would be a marketplace of 1000s of cloud-based vault services all competing on integrity, security, availability and feature set while some users run their own home servers and let their friends and family use them. DApps for whom data integrity is not that important, like social media DApps, could allow users to choose where their data is held, while others could insist on using one of a set of trusted cloud vault services. Companies that insist on storing their customer data locally would be able to demonstrate to a regulator they have an active smart contract proving they have their customer's permission to hold the data and conversely would have to delete the data if the customer terminated their contract. Some cloud vault services could be gateways to DSNs.