It's been reported that when effectiveRoles and effectiveAssignments returnbyDefault is enabled and when roles are not queried by the client, IDM will still try to get the data from the DB even though it's not needed.
- Setup IDM with a DB as repo (example here is with mysql)
- Create a managed user and assign him some roles (e.g 3 roles)
- Add another role using HTTP PATCH quering the _id field only. Note that effectiveRoles and effectiveAssignments returnbyDefault flag is true (by default). For example:
Observe the IDM logs, you will see the following SQL queries:
- Now try adding a 5th role, however, this time disable the returnByDefault flag for the effectiveRoles and effectiveAssignments.
Observe the IDM logs
This can have a serious effect on Database performance whe multiple relationships are linked to the user. It's been observed that when the flag is disabled, the response times are 85% faster.
This is linked to