When a user is a member of lots of groups (e.g. > 280), then the response time of Cockpit slows down.
The performed queries contain an authorization check, which is in case of lots of groups quite complex (the authorization check contains for each given group a check). This leads to performance problems so that the response time in Cockpit slows down.
- instead of generating many case statements, the query can use GROUP_ID_ in (...).
- to further reduce this, at the beginning of a command, we can acquire a list of group names for which authorizations exists (select distinct GROUP_ID_ on the authorization table). All group ids of which the user is currently member but are not used or auth could be ignored. This would make it deal better where the user is member of many groups (usually through LDAP) but only very few of these groups are actually used for authorizing process engine resource access