qbo.Security SystemPermission Monitoring

posted Sep 8, 2017, 9:43 AM by Eric Patrick


The SystemPermission class now participates in configuration monitoring, reacting to permission changes in near-real-time. This removes the need for power users to recycle the application when adding new roles or permissions.


The SecurityPermission and QboMembershipUser classes cache a dictionary of permissions when a QBO3 application domain starts. Dictionary entries are structured as:
  • {Permission}: {Role Permission Bit Map}
Typical QBO3 systems have dozens of roles and thousands of permissions, so generating this dictionary is a reasonably expensive operation. To make security verification checks reasonably performant, this dictionary is cached.

It is insufficient to have SystemRole/Save, SystemFunction/Save, or SystemPermission/Save to clear the security map from cache, for two reasons:
  • Bulk inserts would cause repeated clearing of the cache, and
  • A single server in a server farm would not trigger clearing of the cache on other servers
Thus, SystemPermission/Monitor will poll the database for changes to the SystemRoleSystemFunction or SystemPermission tables, and clear the cache.