Affects Version/s: 2.0.0
Fix Version/s: 2.0.1
Fortress supports two way user-role assignments. That is the role attribute is stored on user object, and the user membership is on the Role object. The latter is to be compatible with non-rbac implementations that use traditional group membership lookups for access control.
The problem is when group have large numbers of users, i.e. 10’s of thousands, performance degrades on the edits of those objects.
Strictly speaking fortress doesn’t need to associate user membership with roles, for its RBAC controls.
add a option to disable, with config switch:
role.occupants = false <— disable role-to-user mapping
role.occupants = true <— enable role-to-user mapping