After changing deny statements in ACI's to allow statements, do the ACI's work the same?
(Doc ID 1596700.1)
Last updated on NOVEMBER 20, 2013
Applies to:Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.
Recently in a SR related to ODSEE performance issues, support suggested converting all of the deny statements in our ACIs to allow statements.
The following conversion yielded a performance increase of 20%:
deny (add,write,delete) --> allow (search, read, compare)
deny (write,add,delete,compare,proxy) --> allow (search, read)
Questions: Will the new allow statements yield the same security access rights as the original deny statements?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document