Here are some benchmarks, some of the on benchmarking access control performance: https://github.com/apache/jackrabbit-oak/tree/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark
HTH Michael On 24/10/16 17:01, "Vikas Saurabh" <[email protected]> wrote: >Hi, > >In a project I'm working, we have a some personas which represent the >kind of operations member of those personas are allowed to do over a >given node. > >The most trivial idea was to have a >synthetic-group-per-persona-per-such-node and add/remove members to >these groups. This approach has obvious side-effects: >* systems gets flooded with system-generated-groups thus requiring >special UI for user/group management >* can potentially affect login performance - I haven't checked how >OAK-3003 works.. maybe, it's a non-issue >* eerie feeling to require additional groups :) > >The other end of the spectrum is to provide explicit ACLs on the node >per principal. It's ok for us to go this way... but we ended up with >an open question on the subject the mail. Do we know how ACL >evaluation performance behave wrt number-of-ACLs on a node - assuming >ACLs-per-principal won't be a big number? > >I was thinking of writing a benchmark to see but wanted to copy some >closely related existing benchmark. It'd great if there are some >pointers for this :). > >Thanks, >Vikas
