API roles and lookup performance

Whenever Cloud API receives a JWT, it must look up the roles on the JWT and then attempt to match them to role.yaml files. For internal users, this lookup involves a query of the User table for the user's roles. The lookup may encounter roles that are either in the JWT or returned by the User table query for which they are no corresponding role.yaml files. The lookup may also have to resolve roles whose names have been translated.

To improve the performance of this lookup, the role names for the default language and US English are now cached by PLDependencies (RoleNameCache). This cache refreshes:

• Any time a Role is updated.
• After the number of minutes specified by the RoleNameCacheStaleTimeMinutes application configuration parameter has elapsed.

In the base configuration, RoleNameCacheStaleTimeMinutes is set to 60 minutes. The parameter can have a minimum value of 1 and a maximum value of 720.