The support for ACLs added in MODE-1920 does add some overhead when checking permissions for every user-invoked operation (via the internal 'hasPermissions(...)' method), even when there are no ACLs used. This should not be the case, especially for repositories that never use ACLs.

ACLs only need to be checked once the first ACL is created in a repository.