I think the use of the acs_object_party_privilege_map is safe to use to retrieve the correct rows rather than to do as you've done, which is to retrive all the possibly correct rows then return whether or not "read" is allowed, where presumably you throw away the "false" rows at the Tcl level.
Note though that this is *only* true because of the changes made in 4.6.1. Beforehand using the view was, as I've said above. asking for trouble, guaranteed in Postgres and with about a 50% probability in Oracle with the odds being due to the unpredictable behavior of the Oracle query optimizer.
So you might try recasting that query using my
exists
clause above as a model, getting rid of the permission_p call in the rowset portion of your select clause.
I'd be interested in seeing a comparison between the two, if, of course, you have the time to do so and sufficient curiousity.
The more data we get, the easier it will be to think about any future optimizations we might make and the more confident we can feel when writing a "best way to query permissions" guide.
