[Zope-dev] LOTS of roles?
Dieter Maurer
dieter@handshake.de
Sun, 23 Feb 2003 21:02:24 +0100
Paul Winkler wrote at 2003-2-21 16:28 -0500:
> has anybody ever set up a site with a large number of roles?
> we're contemplating a security model for our app that might
> lead to ~ 100 Roles within a year, possibly thousands
> within the next 5 years. (Outline of the actual problem is
> at the end of this message)
I think (not sure, though) that Zope has the following time
complexity for permission checking:
If a user has "u" roles and a permission is allowed for
"a" roles, then Zope checks for each of the "u" roles
whether it is in the list of "a" roles.
The complexity is "u * a" whith can be too high for
large "u" and "a".
It is easy to optimize this to "u + a" (via a dictionary),
then thousands of roles should not be a problem.
Dieter