For optimal server performance, use ACLs only when required.
The server is configured with an ACL file containing the default ACL allowing write access to the server only to all, and an es-internal ACL for restricting write access for anybody. The latter protects the manuals, icons, and search UI files in the server.
The default obj.conf file has NameTrans lines mapping the directories that need to be read-only to the es-internal object, which in turn has a check-acl SAF for the es-internal ACL.
The default object also contains a check-acl SAF for the default ACL.
You can improve performance by removing the check-acl SAF from the default object for URIs that are not protected by ACLs.