PermissionManagerImpl uses ThreadLocal for permission caching. This means that once the permissions are loaded for one thread (ex. thread 1), they are there until someone changes the permissions using the PermissionManager (on that thread). If permissions are edited on another thread (thread 2), thread 1 never gets updated. So permissions are inconsistent until the portal is restarted.