Access Control Caching
Cache Invalidation
For external authorization, access control caches are invalidated after...
- cache timeout
- user logout and login
Performing a login or logout always enforces the invalidation of all caches related to the current user.
There are three additional cases where the invalidation is not performed immediately and require the user to re-login or to wait for a cache timeout:
- If a role assignment is granted to or revoked from a user group.
- If a role block is set or removed.
- If nested groups are enabled and group A is added or removed from group B.
To enforce a permissions refresh, perform a logout and login for the user.
Alternatively, edit...
WP_PROFILE/PortalServer/config/CacheManagerService.properties
...and set...
- To allow immediate propagation of all permission changes, remove the comment tag from...
cacheinstance.com.ibm.wps.ac.AccessControlUserContextCache.enabled
...and set the value to false. This can have a considerable performance impact.
- To speed up permission refresh by timeout, the lifetime of this cache can be decreased by setting...
cacheinstance.com.ibm.wps.ac.AccessControlUserContextCache.lifetime
...(in seconds) to a lower numerical value. This can also have a performance impact.
- For nested groups, you can also modify the enabled or lifetime values for both...
- cacheinstance.com.ibm.wps.ac.groupmanagement.NestedGroupCache
- cacheinstance.com.ibm.wps.ac.groupmanagement.GroupCache
This can also have a performance impact.
See also
review the cache settings.
Parent topic
Controlling access