Access Control Instructions (ACIs) are used, as their name implies, to control access to attributes, entries and even whole sub-trees within the DIRECTORY informaton Tree (DIT).
They are stored as attributes on an entry. The evaluation order of these is actually straigtforward, once you know how it works.
A somewhat simplified (but sufficient for most purposes) description is as follows:
From this description it should be clear that: