-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
Server Security
-
Security 2024-10-14
-
(copied to CRM)
-
None
-
None
-
None
-
None
-
None
-
None
-
None
The AuthzLockGuard is an RAII type used to take a lock on a mutex that synchronizes user management commands (UMCs). Upon destruction, it invalidates the entire user cache if it was taken in invalidate mode, which applies for all write-based UMCs. Read-only UMCs such as usersInfo and rolesInfo take the AuthzLockGuard in readonly mode, which causes it to skip user cache invalidation.
There are 2 ways we can improve performance here:
- Rather than invalidating the entire user cache in invalidate mode, we can invalidate just the affected users and/or tenant if a UMC just acts on a single user (e.g., createUser, updateUser )
- We can use a shared_mutex so that concurrent threads taking the AuthzLockGuard in readonly mode can operate without blocking each other. AuthzLockGuard in invalidate mode will take exclusive access as they represent write operations. This will ensure that concurrent usersInfo and rolesInfo operations can run without being serialized.