diff --git a/kernel/kernel-impl/src/main/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java b/kernel/kernel-impl/src/main/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java
index c584c2416ec0..23c39672c431 100644
--- a/kernel/kernel-impl/src/main/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java
+++ b/kernel/kernel-impl/src/main/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java
@@ -2225,15 +2225,9 @@ public Set<String> getUsersIsAllowed(String lock, Collection<String> realms)
 			if ((lock == null) || (realms == null) || (realms.isEmpty())) return new HashSet<String>();
 
 			String sql = dbAuthzGroupSql.getSelectRealmRoleUserIdSql(orInClause(realms.size(), "SR.REALM_ID"));
-
-			// CLASSES-3453 Inline the lock value to give the Oracle query planner a better chance
-			sql = sql.replaceFirst("\\?", String.format("'%s'", lock.replaceAll("[^a-zA-Z._-]", "")));
-
-			System.err.println("REWROTE SQL: " + sql);
-
-			Object[] fields = new Object[realms.size()];
+			Object[] fields = new Object[1 + realms.size()];
 			int pos = 0;
-			// fields[pos++] = lock;
+			fields[pos++] = lock;
 			for (String roleRealm : realms)
 			{
 				fields[pos++] = roleRealm;
@@ -2262,15 +2256,9 @@ public Set<String[]> getUsersIsAllowedByGroup(String lock, Collection<String> re
 
 			if (realms != null) {
 				sql = dbAuthzGroupSql.getSelectRealmRoleGroupUserIdSql(orInClause(realms.size(), "REALM_ID"));
-
-				// CLASSES-3453 Inline the lock value to give the Oracle query planner a better chance
-				sql = sql.replaceFirst("\\?", String.format("'%s'", lock.replaceAll("[^a-zA-Z._-]", "")));
-
-				System.err.println("REWROTE SQL: " + sql);
-
-				fields = new Object[realms.size()];
+				fields = new Object[realms.size() + 1];
 				int pos = 0;
-				// fields[pos++] = lock;
+				fields[pos++] = lock;
 				for (Iterator i = realms.iterator(); i.hasNext();)
 				{
 					String roleRealm = (String) i.next();
@@ -2278,13 +2266,8 @@ public Set<String[]> getUsersIsAllowedByGroup(String lock, Collection<String> re
 				}
 			} else {
 				sql = dbAuthzGroupSql.getSelectRealmRoleGroupUserIdSql("true");
-
-				// CLASSES-3453 Inline the lock value to give the Oracle query planner a better chance
-				sql = sql.replaceFirst("\\?", String.format("'%s'", lock.replaceAll("[^a-zA-Z._-]", "")));
-
-				System.err.println("REWROTE SQL: " + sql);
-
-				fields = new Object[0];
+				fields = new Object[1];
+				fields[0] = lock;
 			}
 
 			// read the strings
@@ -2325,15 +2308,9 @@ public Map<String,Integer> getUserCountIsAllowed(String function, Collection<Str
 
 			if (azGroups != null) {
 				sql = dbAuthzGroupSql.getSelectRealmRoleGroupUserCountSql(orInClause(azGroups.size(), "REALM_ID"));
-
-				// CLASSES-3453 Inline the lock value to give the Oracle query planner a better chance
-				sql = sql.replaceFirst("\\?", String.format("'%s'", function.replaceAll("[^a-zA-Z._-]", "")));
-
-				System.err.println("REWROTE SQL: " + sql);
-
 				fields = new Object[azGroups.size() + 1];
 				int pos = 0;
-				// fields[pos++] = function;
+				fields[pos++] = function;
 
 				for (Iterator i = azGroups.iterator(); i.hasNext();)
 				{
@@ -2342,13 +2319,8 @@ public Map<String,Integer> getUserCountIsAllowed(String function, Collection<Str
 				}
 			} else {
 				sql = dbAuthzGroupSql.getSelectRealmRoleGroupUserCountSql("true");
-
-				// CLASSES-3453 Inline the lock value to give the Oracle query planner a better chance
-				sql = sql.replaceFirst("\\?", String.format("'%s'", function.replaceAll("[^a-zA-Z._-]", "")));
-
-				System.err.println("REWROTE SQL: " + sql);
-
-				fields = new Object[0];
+				fields = new Object[1];
+				fields[0] = function;
 			}
 
 			// read the realm size counts