If you have a method call from module or deployment A to module or deployment B, B will be restricted with the intersection of permissions from A and B for the duration of the call. If you want to only operate under the restrictions placed on B, you must use AccessController.doPrivileged().
1 of 1 people found this helpful
Also, permission restrictions apply only to executable methods - not interface methods. So calling "through" an interface method does not add permission restrictions.
Thank you, David. I have used AccessController.doPrivileged(), but I have known nothing about calling through an interface(permission propogation). I will think, how to redesign my solution. Thank you one more time.