Hi Deepak,don't use the AEM Permissions UI for that, use CRX DE Light by all means: ACEs are evaluated in order, so you probably want a deny-read for a group that contains *all* authors first, and then the allow-read for group D. (the group for the deny depends on your setup, in terms of ootb groups...

Hi Sam,the number of users as such is playing together with the frequency of logins performed.With millions of users (to these all log in through LDAP?), a cache size of 100 obviously is no cache at all.I'd start with trying to get an understanding of how many of these users log in and how often, th...

Sam,have you checked on the LDAP server side?This looks very much as if your LDAP server is not capable of handling the load.Cheers,Ben