The tutorial at : JBoss Tutorial - Associations in Hibernate has a very good description of modeling a many to many relationship. However, I'm confused by the working the Bi-directional associations section where it makes the getEvents() protected. The comment in the tutorial is : "prevents everybody else from messing with the collections directly". However, it doesn't suggest a way that everybody else could actually get at this data. The business logic probably needs to get at this data. Do you just throw it into a wrapper object that keeps somebody from adding to the set? Or do people just ignore this advice and make the set accessible and then establish conventions for the app layer to have it only add things by calling appropriate add methods? I'm interested to know if there is a Hibernate convention for this (not how to write the Java code). Thanks.