In general there will be very few distinct ACLs, so our current implementation that stores an ACL with each znode is inefficient. It has a significant impact on our memory footprint, has some runtime checking overhead, and it impacts the time and storage needed to do a snapshot.
The following things should be implemented to improve our ACL management:
* There should be a table of distinct ACLs. Znodes should store an integer that will be an index into the ACL table.
* Connections should cache the permissions that they have with respect to a given znode. This makes permission checks on a cached ACL just a simple AND operation.
* Store the ACL table at the start of the snapshot and store indexes with the znodes.