improved data integrity after deleting items sometimes left over some foreign-key-items
performance, especially for
navigation data lookup
IsUserAuthorized checks
Allow and Deny rules for memberships
Allow and Deny rules for authorizations
pave the way for (multiple) membership inheritance
inheritance of completely calculated membership sets, so that inheriting from a 2nd group with a deny rule for user A doesn't automatically deny user A being Allow-member of 1st group
pave the way for (multiple) authorizations inheritance
inheritance of all Allow and Deny rules, so that inheriting from a 2nd security object with a deny rule for user A does automatically deny user A being authorized of 1st security object
pave the way for splitting application objects into security objects + 0...n navigation items
What was the purpose of the server IDs with negative numbers and the dependencies of related code? Do they point to changed database structure? If yes, code update is required.
Major improvements shall be