PL/SQL applications consist – generally – of many procedures, functions and packages. A group of them can be invoked directly by applications as entry points of their user requirements while others are invoked by other packages as part of application business design.
Before Oracle 12c – in terms of database security – there was no difference between these two groups, and a granted user was able to execute any of these many units irrestrictively.
Oracle 12c introduces a new optional ACCESSIBLE BY clause that enables you to prevent package executions from outside the business logic, specifying a whitelist of predefined known elements that can only access a specific PL/SQL unit.