After changing deny statements in ACI's to allow statements, do the ACI's work the same? (Doc ID 1596700.1)

Last updated on NOVEMBER 20, 2013

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.

Goal

Recently in a SR related to ODSEE performance issues, support suggested converting all of the deny statements in our ACIs to allow statements.

The following conversion yielded a performance increase of 20%:

deny (add,write,delete) --> allow (search, read, compare)
deny (write,add,delete,compare,proxy) --> allow (search, read)

Questions: Will the new allow statements yield the same security access rights as the original deny statements?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms