...
If you use acl:accessTo to protect a container, that authorization rule by default will also apply to any of that container's children, unless that child has its own acl:accessControl property, as described below.
The second is to use the acl:accessToClass property to state that the authorization rule applies to any resource with the named RDF type:
...