You'll want to implement an admin or policy capability pattern. Create a unique capability object within the package that should have exclusive update rights. Then, have all the update functions for the shared object require a reference to this capability object as an argument. This way, only the owner of that specific capability can call those update functions, effectively restricting edits to your package.

为确保只有特定的包才能更新共享对象，您可以使用发送者或能力门控等模式. 一种方法是实现能力模式，允许根据对象的所有权进行更新. 或者，您可以创建访问控制列表 (ACL)，仅允许特定地址与包的方法进行交互. 能力模式文档和拒绝列表规则等资源中详细介绍了这些方法，可以在 此处 和 此处 中查看.

To make sure only a specific package can update a shared object in Sui Move, you need to build in access control directly into your smart contract logic. One way to do this is by using a capability pattern, where you create a special object that acts like a permission slip—only the package that holds this object can make changes. You can also check the sender’s address during a transaction and allow updates only if it matches the expected package address. Another option is to include an access control list inside the shared object itself, listing which addresses are allowed to make edits. These methods help you lock down the object so that other modules or packages can’t tamper with it.