Access control

The entity reader API acts as a policy enforcement point. Therefor it has to provide several run-time modes like pre- vs. post-processing of policies, graceful degradation vs. complete deny in case of missing privileges etc.