OverviewThe SystemPermission class now participates in configuration monitoring, reacting to permission changes in near-real-time. This removes the need for power users to recycle the application when adding new roles or permissions. DetailThe SecurityPermission and QboMembershipUser classes cache a dictionary of permissions when a QBO3 application domain starts. Dictionary entries are structured as: {Permission}: {Role Permission Bit Map}
Typical QBO3 systems have dozens of roles and thousands of permissions, so generating this dictionary is a reasonably expensive operation. To make security verification checks reasonably performant, this dictionary is cached.
It is insufficient to have SystemRole/Save, SystemFunction/Save, or SystemPermission/Save to clear the security map from cache, for two reasons: - Bulk inserts would cause repeated clearing of the cache, and
- A single server in a server farm would not trigger clearing of the cache on other servers
Thus, SystemPermission/Monitor will poll the database for changes to the SystemRole, SystemFunction or SystemPermission tables, and clear the cache.
|