Post date: Sep 08, 2017 4:43:14 PM
Overview
The SystemPermission class now participates in configuration monitoring, reacting to permission changes in near-real-time. This removes the need for power users to recycle the application when adding new roles or permissions.
Detail
The SecurityPermission and QboMembershipUser classes cache a dictionary of permissions when a QBO3 application domain starts. Dictionary entries are structured as:
{Permission}: {Role Permission Bit Map}
Typical QBO3 systems have dozens of roles and thousands of permissions, so generating this dictionary is a reasonably expensive operation. To make security verification checks reasonably performant, this dictionary is cached.
It is insufficient to have SystemRole/Save, SystemFunction/Save, or SystemPermission/Save to clear the security map from cache, for two reasons:
Bulk inserts would cause repeated clearing of the cache, and
A single server in a server farm would not trigger clearing of the cache on other servers
Thus, SystemPermission/Monitor will poll the database for changes to the SystemRole, SystemFunction or SystemPermission tables, and clear the cache.