I just started working a bit on this, I'll try to answer Don's questions in the next days.
Personally I don't find the permissioning code too slow. The system in question is huge and finely-grained permissioning is probably not a good idea - not for "coarse" things.
I was careful in avoiding to complain about speed of the permissioning system :) Here's the explain plan output
94 recursive calls
232 db block gets
167407 consistent gets
1401 physical reads
for this query:
SQL> select site_node.url(node_id) as url, acs_object.name(object_id) as name
from site_nodes
where parent_id = site_node.node_id('/')
and object_id is not null
and acs_permission.permission_p(
object_id,
acs.magic_object_id('the_public'),
'read') = 't';
Timed statistics etc. all later
What I want is a careful consideration of how we can make central tables a bit (fair bit? a lot?) lighter - *without* breaking the past and that step by step.
Don, could you post this list of modifications to the kernel? There's no need for the list to be complete, we could put this onto a project page, try to order it by impact in complexity, time, and benefits, and start discussing the value of every modification.
