API roles and lookup performance
Whenever Cloud API receives a JWT, it must look up the roles on the JWT and then attempt
to match them to role.yaml
files. For internal users, this lookup
involves a query of the User
table for the user's roles. The lookup may
encounter roles that are either in the JWT or returned by the User
table query for which they are no corresponding role.yaml
files. The
lookup may also have to resolve roles whose names have been translated.
To improve the performance of this lookup, the role names for the default language and US English are now cached by PLDependencies (RoleNameCache). This cache refreshes:
- Any time a Role is updated.
- After the number of minutes specified by the
RoleNameCacheStaleTimeMinutes
application configuration parameter has elapsed.
In the base configuration, RoleNameCacheStaleTimeMinutes
is set to 60
minutes. The parameter can have a minimum value of 1 and a maximum value of 720.