In this article we can explore the Performance Impact on Unique Permissions.
What is Unique Permission?
In SharePoint there are mainly 2 types of Permissions:
- Inherited Permission
- Unique Permissions
While creating a site, list or library by default it inherits permissions from its parent. In this case whatever permission is changed in the parent level will be carried forward to the new child.
For example you have a common site where all the employees have read access. You are creating a new restricted library under this site, which by default all the employees can read.
In the case you can bread an inherited permission at the list level & add only those users with read permission. This method is called "breaking permission" or assigning "unique permission".
Performance Impact
Coming to the point, I have noticed that there are rumors spreading that a unique permission leads to "under performance" meaning that there is more time in loading the list or associated list items.
The following are the 3 cases that we are going to examine here:
- List with Inherited Permission vs. List with Unique Permission
- List Items with Inherited Permission vs. List Items with some having Unique Permissions
- List Items with Inherited Permission vs. List Items with all having Unique Permissions
Let us "benchmark" the performance with a 1000 item scenario.
Benchmark Application
I am using a small WPF application that creates the lists & associated list items. Please note that the Performance is tested only for accessing the list items.
The Code
The following is the code to create Lists:
private void CreateList(string title)
{
using (SPSite site = new SPSite(UrlText.Text))
{
using (SPWeb web = site.OpenWeb())
{
// Delete List
if (web.Lists.TryGetList(title) != null)
{
web.Lists[title].Delete();
}
// Create List
Guid guid1 = web.Lists.Add(title, string.Empty, SPListTemplateType.Contacts);
web.Lists[guid1].OnQuickLaunch = true;
web.Lists[guid1].Update();
SPList list = web.Lists[title];
// Insert new items
for (int i = 1; i <= 1000; i++)
{
SPListItem item = list.Items.Add();
item["Title"] = "Title" + i;
item["ZIP/Postal Code"] = i;
item.Update();
}
}
}
}
The following is the code that breaks the inheritance in list level:
private void BreakListInheritance(string title)
{
using (SPSite site = new SPSite(UrlText.Text))
{
using (SPWeb web = site.OpenWeb())
{
web.Lists[title].BreakRoleInheritance(true);
}
}
}
The following is the code that breaks inheritance at the item level:
private void BreakListItemsInheritance(string title, int count)
{
using (SPSite site = new SPSite(UrlText.Text))
{
using (SPWeb web = site.OpenWeb())
{
SPList list = web.Lists[title];
for (int i = 0; i < count; i++)
{
list.Items[i].BreakRoleInheritance(true);
}
}
}
}
On running the application the Milliseconds are observed in fetching the items are the following:
-
Case 1 retrieved items around 90 milliseconds
-
Case 2 retrieved items around 90 milliseconds
-
Case 3 retrieved items around 90 milliseconds
You can use the source code attached to examine the code & run the application.
Inside SharePoint, the lists we will see are:
Opening the lists manually too, I cannot see any performance difference.
The Conclusion
As we have tested with Breaking Inheritance at the List level, Items level, All Items level and still cannot find any enormous difference in Performance for a typical 1000 items scenario.
Please note that breaking inheritance at the item level up to 1000 items is a rare case.
Whenever Unique Permissions are implemented there are more calls to the database in fetching Permission Information. But we can see that if there are only a few items involved (for example less than 100), the performance impact is negligible.
Tip: In the real world scenario if a list has multiple items with unique permissions, it is recommended to use a separate list with the prefix Restricted.
References
http://bit.ly/10uiVpB
Summary
In this article we have explored various case studies involving Unique Permissions. The typical benchmark scenario shows that there is not much impact in performance in just breaking permissions.