Show TOC

 Restricting the Use of a Package InterfaceLocate this document in the navigation structure

Use

By default, all the elements in a package interface are visible to - and thus can be used by - all the packages at the same hierarchy level. In some cases, however, the provider package may want to restrict the use of an interface to one or more user packages. For example, an interface might provide critical functions that could cause data inconsistencies and that can only be used correctly by a particular package in a specific context. In such a case, it would be undesirable for other packages to be given use access to this special interface.

One can limit the usage of a particular interface by explicitly declaring a set of packages in the Access Control List (ACL), preventing other packages from using them.

However, the propagated object's original access control list will not be taken into account for access through the propagated interface.

See also:

Graphic: Permissible Use Accesses

Prerequisites

You have created a package interface.

Procedure

To name the only packages allowed to use an interface:

  1. Choose the interface belonging to the provider package.
  2. Make sure you are in Change mode.
  3. Choose Access Control List in the Attributes Tab.
  4. Check the Access Control List.
  5. One can now switch to the Access Control List Tab.
  6. Go to the New Access Control List Semantics checkbox
  7. Select the checkbox to adhere to new semantics.
    Tip

    Using the old Access control semantics it is possible to specify packages from remote parts of the package hierarchy. On the client side, however, use declarations can only be specified hierarchically and for visible interfaces. For this reason, all relevant super packages of the actual package must be specified additionally in the access control list so that unintended uses still cannot be fully avoided.

    The new ACL semantics are simplified. Only directly "neighboring" packages (super package, sub packages and sibling packages) can be specified.(How sibling is defined for root packages) Further limitation of access to each package's particular sub packages is left up to the respective package itself - through its dependency control lists. The respective interface can be made visible to the super package, to sibling packages, and sub packages by specifying their name in the access control list. For sibling packages and sub packages, this makes the interface visible also to their direct and indirect sub packages.

  8. Under Access Control List, enter the user packages that are permitted to use the interface.
    Tip

    Note that the packages you enter need to be compliant with new semantics if the checkbox is selected. Otherwise, it does not perform any further checks on the package to ensure that it's the declaration is valid.

  9. Choose Save.
Result

You have specified the only user packages entitled to use a particular interface of the provider package. Other packages, not specified in Access Control List, cannot use the interface elements, even if the latter is visible.

See also:

Creating Use Accesses

Extending Visibility over Several Levels