#13 Better ACL management

server (8)

In general there will be very few distinct ACLs, so our current implementation that stores an ACL with each znode is inefficient. It has a significant impact on our memory footprint, has some runtime checking overhead, and it impacts the time and storage needed to do a snapshot.

The following things should be implemented to improve our ACL management:

* There should be a table of distinct ACLs. Znodes should store an integer that will be an index into the ACL table.
* Connections should cache the permissions that they have with respect to a given znode. This makes permission checks on a cached ACL just a simple AND operation.
* Store the ACL table at the start of the snapshot and store indexes with the znodes.


  • Benjamin Reed

    Benjamin Reed - 2008-05-12
    • milestone: --> 3.0.0
    • assigned_to: nobody --> mahadevkonar
  • Patrick Hunt

    Patrick Hunt - 2008-06-10
    • status: open --> closed

Log in to post a comment.