[Rt-devel] Why are Groups cachedmembers of themselves?

Joby Walker joby at u.washington.edu
Mon Oct 30 20:13:00 EST 2006

Jesse Vincent wrote:
>> So why is this necessary?  Is it for ACL checks on User Defined groups?
> It's for ~all group ACL and groupmember checks.

Ok, it took me a while to see where the cachedgroupmember record is 
necessary: When you make a check to see if a group has the ACL to do X 
(exactly what you said).

The impact of adding hundreds of thousands of additional records seems 
like a very high cost to be able to do these group queries just like 
user permission queries.

I grabbed a fresh rt-3.4.4 (what we currently use) and Modified the 


comment out line 511,512 where the group is added as a cached member of 


Add on line 401 (just before the "Build that honkin-big SQL query") a 
check that if the Principal is a Group to determine if that group has a 
specific ACL.

     if ($self->IsGroup) {
	my $qb = 'SELECT ACL.id from ACL, Principals WHERE'
	        ." ( ACL.RightName = 'SuperUser' OR ACL.RightName = '$right' ) "
		."AND Principals.Disabled = 0 "
		."AND Principals.id = " . $self->Id . " "
		."AND Principals.id = ACL.principalid "
		."AND ( " . join( ' OR ', @look_at_objects ). ") ";
         $self->_Handle->ApplyLimits( \$qb, 1 );
         my $hitcount = $self->_Handle->FetchResult($qb);
	if ($hitcount) {
             return (1);

With these two changes all of the regression tests pass.

Joby Walker
C&C SSG, University of Washington

More information about the Rt-devel mailing list