This is one of the data gathering methodologies and recommendations for functional performance improvement. The full list is defined in the Performance Recommendations topic.
While STEP allows a very granular privilege system and privilege setups, complex privilege models can lead to a degradation in performance. Running STEP as a user with a large number of very specific privileges influences the performance of any action in STEP that goes across a large number of nodes, values, or references. This performance impact includes export, import, bulk update, recursive approval, matching, and 'multi views' like task list and multi editor.
For more information, refer to the Privilege Rules topic in the System Setup documentation here.
Privilege Configurations
Privileges are additive only, which means that whenever a basic action is executed, STEP looks for the first privilege that provides the permission.
In terms of performance, the most expensive privilege check is attempting a task for which the user does not have access. The least expensive privilege check is when a user has global permission to everything.
Additionally, consider the following when setting privileges:
- Very specific and granular permissions result in a longer search for the appropriate privilege.
- Assigning privileges on a group of objects (and using the hierarchy to access these objects) provides a less expensive listing than assigning privileges on each object separately.
- Avoid excessive privilege checking to improve performance.