Ethereum smart contracts are executed on EVM and once the byte code is generated it is then sent within a transaction and then it exists on the blockchain. This happens because once the contract is deployed it then interacts with other transactions.
Hyperledger is a different approach, the contract might be on the ledger or it may not be. If you take an example of fabric, it deploys the code in the docker container which can then be interacted with using transactions. The participants can access the contract via credentials given to them.
In ethereum, the code is a bit simplified, and publicly accessible which means that you only need to employ a check to only allow a few to interact with smart contract.
In hyperledger, it would most likely be modeled in a similar manner.
to answer your last question each participant in both systems has credentials and the designer of the smart contract can use this to control access. Also, in Fabric, there are channels that partition the ledger which is used for access control.