IBM BS029ML Self Help Guide - Page 109

When the PAC configuration is to be persisted, the datastore persistence layer is called to pass the configuration data to the portal database. The Portal Access Control runtime decision module has to retrieve the persisted permission data through the datastore persistence layer. In order to reduce the IO traffic to the datastore, the portal architecture adopts a fairly sophisticated cache management system. The multi-level fine-grained controls over PAC caches gives the portal administrator a lot of flexibility and opportunities in tuning the performance. On the other hand, improper PAC cache settings could adversely cause serious performance degradation to the portal system. In WebSphere Portal Version 6, the PAC and other cache configurations are managed by CacheManagerService. A default set of configuration parameters are presented in CacheManagerService.properties in /shared/app/wp.services.properties.jar. These settings can be customized through "WP CacheManagerService" in the WebSphere Administrative Console by selecting Resources → Resource Environment Providers → WP CacheManagerService. Access Control Runtime Access Control Admin External Access Control SPI Access Control Service Access Control Commands PAC - API Access Control Config Service Internal Configuration API Access Control Engine PAC Implementation PAC Cache Data Store Persistence Layer Portal Database Figure 4-4 Portal Access Control components Some suggestions on tuning the PAC caches are summarized below: Keep the access control configurations as simple as possible. Minimize the number of user groups. Minimize the number of different groups to which the users belong. Avoid nested group hierarchies and depth of the nested groups. Avoid doing access control administration while the system is under heavy load. Limit the use of external access control. Chapter 4. WebSphere Portal security 95