complex ACL and performance impact?

Showing results for 
Search instead for 
Did you mean: 
Member II

complex ACL and performance impact?


I have rather complex requirements for access rights, it will end up with lots of groups and users assigned to the node (folder) without inheritng permissions. I wonder will it affect search and retreival performance? It seems to work fine in dev environemnt with small number of folders and limited number of groups but I would like to know what happens when repository starts to grow? I am worried that permision evaluation may impact performance.

Is there any general recomendation to stay on the safe side?

Thank you!

1 Reply

Re: complex ACL and performance impact?

"It is a best practice to not break the inheritance as much as possible"

It will eventually impact the search performance as your list grows. Limiting number of users to a group and add groups may be helpful in your case. You should prefer to do a round testing with N set of users/groups and measure the impact before deciding to take this approach to production system. 

Huge number of users/groups without inheritance can even cause acl trackers to fail as well due to heavy payload being sent to solr nodes. 

 @angelborroy   @afaust  Can provide better details