How does Access Control List Evaluation works?

When a user tries to perform an operation on a given object, the directory server determines whether the user has the appropriate access by

1) Examining the orclEntryLevelACI attribute of the user entry

2) Proceeds to the nearest Access Control Point (ACP). ACPs are the entries in which the orclACI attribute has been given a value.

3) Continues with each superior or higher ACPs in succession until the evaluation is complete