'Private' services

Most languages have a ‘private’ keyword, or other mechanisms to prevent procedures/methods/subroutines/functions from being called if they’re designed to be used only from within certain places.

Example:

  • dangerousService - might cause damage
  • checkedDangerousService - does some checks, then invokes dangerousService

It would be nice to be able to restrict access to dangerousService from all services except checkedDangerousService.

That’s a frivolous example. More reasonably, this kind of control maintains architectural tiers.

Does WM provide a way to enforce this?

If not, what conventions do you use to prevent yourself or others calling a service you should not?

ACLs

Aren’t ACLs to protect services based on the calling userid not the calling service?

Or is there a feature of ACLs I’ve missed… or a way to fake one using the other?

ACLs are userID based.

I typically put “dangerous” services in a folder called useWithCaution, so that it shows up as part of the namespace. Doesn’t actually stop anyone from calling the service, but does tend to make other developers think before using in their service.

If you were willing to do some coding… If dangerousService was a Java service, you could use Service.getCallingService to verify it was being called by an “authorized” parent (perhaps from a list of authorized parents). If it was a Flow, you could use use the PSUtilities equivalent (misc:getServiceName, I think).

However, this does require coding. I am not aware of any configuration mechanism for achieving what you want.

code reviews as part of your overall governance process which I strongly recommend.

You’re right. I’m not aware of a way to restrict the calling service.