+

Search Tips   |   Advanced Search


Access Control Caching

Access Control internally uses several caches to increase access control decision times. You can improve access control performance for special scenarios by setting the lifetime and size properties of these caches in the Cache Manager Service. In most cases, WebSphere Portal will run smoothly with the default cache settings. However, if you have a large number of resources or a large number of customized resources, you may want to change the cache settings to see if you can improve performance.

See Performance tuning of Portal Access Control for access control performance considerations.


Cache Invalidation Behavior

In most cases, all necessary access control caches are immediately invalidated when a change to the access control configuration is done such as assigning roles to a user. If using External authorization, it is not possible to permanently synchronize the caches with changes to externally managed roles.

For users that already have an authenticated portal session when the change becomes valid, they must wait for a cache timeout or logout and re-login for the changes to become active for that user. Performing a login or logout always enforces the invalidation of all caches related to the current user. There are three additional cases where the invalidation is not performed immediately and require the user to re-login or to wait for a cache timeout:

As in the external case, you can enforce a permissions refresh by performing a logout and login for the user. Alternatively, modify the following properties in the profile_root/PortalServer/config/CacheManagerService.properties file to influence the caching behavior:

After modifying the CacheManagerService.properties file, run the following task, from profile_root/ConfigEngine, to make the changes effective:


Parent topic:

Controlling access