People wanting more info on capability hardware should check out this online book that describes a lot of them.
IBM i, AKA AS/400, is the road not taken in mainstream architectures. Its virtual architecture is the most beautiful still in production, and possibly ever.
Intel had its attempt at a capability architecture with the iAPX 432, but it had a lot of problems of its own.
Although I love System/38, check out the Intel i960 version used in BiiN if you haven’t. It was RISC with segmented protection and fault-tolerance. That link has a reference manual with more detail.
I forgot to add that the AS/400 reliability for a single system is probably still unparalleled. I’ve met piles of users and admins who have never seen one crash in years. They can but rarely do. I’m thinking it’s a combo of simplified models for use by default instead of roll-your-own everything in Linux land, built-in safety at low-level, much of the system in high-level code instead of, say, C, and how IBM used stuff like SOI for processors. Just a guess but each can help in isolation.