Access Control Lists

Usually the visibility of a package interface is determined by its position within the package hierarchy. However in special cases, when the use should be restricted, package interfaces can optionally specify access control lists to limit the range of packages that can access that interface.

The propagating interface, that is the interface that propagates part or whole of the objects, can define a new access control list. The propagated object's original access control list will not be taken into account for access through the propagated interface.

By this, the propagating interface is able to grant more legitimate permissions than the original interface because

• the original interface explicitly allowed propagation of the respective objects,
• the original interface granted the propagating interface's package the general permission to use it - either by defining no access control list at all or by defining an access control list that allows this package to use the interface.

In an Access Control List, only neighboring packages (that is the superpackage, the subpackages and the sibling packages) can be specified. Further limitation of access to each package's particular subpackages is left up to the respective package itself - through its dependency control lists.

The respective interface can be made visible to the superpackage, to sibling packages, and subpackages by specifying their name in the access control list. For sibling packages and subpackages, this makes the interface visible also to their direct and indirect subpackages. All root packages are treated as sibling packages. The ACL of a root package may contain references to non-existing root packages.

A compatibility mode with the following semantics can be activated for access control:

• It is possible to specify other packages, apart from the superpackage, the sibling packages and subpackages.
• In principle, the interface is only visible for packages specified in the Access Control List.