ARCH-346: Consolidated permission approach evaluation

Sunflower BF datasets

sebf - cs00000int

sebf - fs09000000

Performance Evaluation

Performance has been evaluated locally deployed single-node keycloak with load balancer ahead (nginx)

1 single realm with 100,000 of target permissions (role + scope + role policies)

Local Dataset Data (Single Tenant)

Local Dataset Data (Multi Tenant)

Plain Approach Evaluation (single tenant | 100,000 permissions)

This approach provides permissions in the following way: scope + resource + policy

Open

Open

Plain Approach Evaluation (3 tenants | 250,000 permissions | 750,000 total)

Open

Open

Consolidated Approach Evaluation (single tenant | 100,000 permissions)

This approach provides permissions in the following way: scope + resource + set(policies)

Open

Open

Consolidated Approach Evaluation (3 tenants | 250,000 permissions | 750,000 total)

Open

Open

Conclusions

• Consolidated approach is faster for permission loading (750k is loaded in >2 minutes comparing with plain approach that takes ~10-15 mins)

• Consolidated have compared permissions (but it has to be validated against multiple tenants and larger number of permissions in system)

• Tenant management is faster (including realm removal) with consolidated approach, it will also affect realm import