My Oracle Support Banner

ODSEE - Do ACI's Work the Same After Changing 'deny' Statements to 'allow' Statements? (Doc ID 1596700.1)

Last updated on OCTOBER 31, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.

Goal

In an ODSEE performance issue it was suggested to convert all the deny statements in ACIs to allow statements.

The following conversion yielded a performance increase of 20%:

deny (add,write,delete) --> allow (search, read, compare)
deny (write,add,delete,compare,proxy) --> allow (search, read)

Questions: Will the new allow statements yield the same security access rights as the original deny statements?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.