duststorm
commented
5 years ago If there is a superuser cache, the superuser check might even be moved directly after an auth check is successful. This would again cause a big reduction in the number of back-end calls, as every ACL check will no longer be preceeded by a superuser check.
If a back-end test for superuser is succesful, the fact that the user is a superuser is not stored. Instead, a cache entry is added for the specific topic, user and acc type combination is stored. This can cause a lot of unneeded back-end calls. Much like static superuser checks, a lot of ACL checking could be skipped if there was a cache for superusers.