We have a solution based on SharePoint were we have around 4000 items on 2 lists. Each item has unique permissions. There are about 300 users in the system, to each item 6-7 users and 6 SharePoint groups have the permissions assigned (read permissions). Unfortunately, when we have assigned the permissions, we did not delete all the “Limited access” settings that were inherited from the list (around 300 entries). We started to have severe performance problems – each list query took about 1,5 second. Since we are doing some calculations and item modifications, we have a lot of list queries in our code. When we took a look at the SQL queries we saw that there are around 750 thousand role assignments on each list, which in our opinion are causing such long query times. We have turned on permission inheritance on all items, but that did not help – the number of role assignments did not drop. Has anyone ancountered a similiar issue and knows what can cause this behavior?

Complex and/or granular security might not be the only cause for the performance issue. Other factors include the hardware, network, active directory, number of items in a view, etc. Has the same list been tried on the same environment without security?

Here is an article on SharePoint ACL hard limits and best practice which I think you may have already read: http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx The recommended practice which is relevant to your case includes: · If many securable objects share the same ACL, then group them into a container with that ACL. · The more ACLs you create, the more ACLs you have to manage Since your AS-IS situation is that you had setup fine-grained permission (Each item has unique permissions) which is not recommended, It may cause performance issue as you are experiencing. Here I found an article on security data model: http://kjellsj.blogspot.com/2008/10/sharepoint-acls-roledefinitions.html ; And searching with keywords “alluserdata acl” in MSDN http://social.msdn.microsoft.com/Search/en-US?query=alluserdata%20acl&ac=8 , I get this: http://msdn.microsoft.com/en-us/library/dd340769(PROT.13).aspx . It says the ACL is stored as image type in database. That’s all I have found so far. Could you please share with us more of your finding with database performance measuring tools to get the long running query in T-SQL or Blocking detected? Gu Yuming TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com

Hi spq, resetting will increase the number of entries in the roleassignments list if you had removed the limmited access permissions from the items when they had their own assignments. If you turn inheritance back on the roleassignments for the listitems will inherrit all the entries with limited asscess from the parent list since they are not deleted when inheritance is reactivated. If you want to reduce the number of entries in that list you would have to remove all permissions from the list and rebuild them because by deleting an entry and adding it back you remove the limited access permission for that user or grop which was there because of the broken inheritance. best regards MOSS_Test_Dummy