What you are looking for is described in the literature as "capabilities." Think of them as ACLs with real meaning. There is a Java variant called E that was developed by a company I used to work for (before the company blew up, the lang was open-sourced) which was a capability-secure version of Java. One of the members of the E inner circle is Ka-Ping Yee (author of various PEPs) and his continued involvement with E gives me hope that one day it might make its way into Python in some shape, perhaps as a replacement for the recently nuked "safe" execution modules.
One thing that the E folks have done a lot of work on is dealing with UI issues and programming issues related to capabilities and the first few steps toward making this whole process a bit easier for the programmer. Be warned though, this group has been talking about this stuff for many years and has its own internal language to describe programming structures and processes that seems a bit opaque until you actually get your mind wrapped around the capability paradigm.