...
If you use acl:accessTo to protect a container, that authorization rule by default will also apply to any of that container's children, unless that child has its own acl:accessControl property, as described below.
The second is to use the acl:accessToClass property to state that the authorization rule applies to any resource with the named RDF type:
...
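The following Python sketch is an added example, not code from the original page or from the repository software: it models the two targeting rules above so the effect of a child's own acl:accessControl link is visible. The paths, agents, ACL names and RDF types are constructed sample data, and it assumes that the ACL consulted for a resource is the nearest one found by walking up from the resource.

```python
# Simplified model of acl:accessTo inheritance and acl:accessToClass matching.
# Not the repository's implementation; all data below is constructed.

RESOURCES = {  # path -> RDF types and optional acl:accessControl link
    "/reports": {"types": {"ldp:Container"}, "acl": "acl-reports"},
    "/reports/q1": {"types": {"ex:Report"}, "acl": None},
    "/reports/draft": {"types": {"ex:Report"}, "acl": "acl-draft"},
    "/photos": {"types": {"ldp:Container"}, "acl": "acl-photos"},
    "/photos/cat": {"types": {"ex:Image"}, "acl": None},
}
ACLS = {  # ACL name -> authorization rules
    "acl-reports": [{"agent": "alice", "mode": "acl:Read", "accessTo": "/reports"}],
    "acl-draft": [{"agent": "bob", "mode": "acl:Write", "accessTo": "/reports/draft"}],
    "acl-photos": [{"agent": "carol", "mode": "acl:Read", "accessToClass": "ex:Image"}],
}


def parent(path):
    """Return the containing path, or None at the top level."""
    head = path.rsplit("/", 1)[0]
    return head or None


def effective_acl(path):
    """Nearest acl:accessControl link, starting at the resource and walking up."""
    while path is not None:
        acl = RESOURCES[path]["acl"]
        if acl:
            return acl
        path = parent(path)
    return None


def applicable(path):
    """List (agent, mode) pairs whose authorization rule covers this resource."""
    acl = effective_acl(path)
    if acl is None:
        return []
    types = RESOURCES[path]["types"]
    matched = []
    for auth in ACLS[acl]:
        target = auth.get("accessTo")
        # accessTo covers the named container and, by inheritance, its children.
        by_target = target is not None and (path == target or path.startswith(target + "/"))
        # accessToClass covers any resource carrying the named RDF type.
        by_class = auth.get("accessToClass") in types
        if by_target or by_class:
            matched.append((auth["agent"], auth["mode"]))
    return matched
```

In this model /reports/draft no longer carries alice's read grant once it has its own ACL, which is the case to review when adding a child-level ACL under a protected container.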