We have several places where we rely on transactions to support read/modify/write semantics for incrementing IDs. This works but using DB support is rather expensive and we can user in-core serializations to help with this at least within a single node and rely on DB for multi-node synchronization.
This isn't much of a problem for path updates since they are driven by HMSFollower which usually runs on a single leader node, but permission updates originate from clients directly and may be highly concurrent.
We are internally serializing all permissions update anyway, so doing partial serialization on every node helps.
The patch serializes all calls that affect permission updates.