Liferay Portal’s Plugin Security Manager checks all your plugin’s API access attempts against the security manager properties specified in your plugin’s liferay-plugin-package.properties file. If your plugin tries to access a portal resource that is not specified in these properties, the Plugin Security Manager prevents it from happening. Consider this a virtual finger waggin’. To prevent this from happening, you have to tell the Plugin Security Manager up-front the access your plugin needs.
The sections that follow describe the PACL properties: explaining each property’s purpose, its possible values, and the syntax to use in specifying its value.