XF 1.4 brutal clean out of permissions

[Jim Boy]

Over time, our board has accumulated alot of individual based permissions. Subsequently the permissions cache has grown to around 500 MB in size. This has lead to issues of add-ons taking a long time to load, any time I update the software, I have to allow php to run scripts of 500MB in size otherwise the updates fail. Often have problems with permissions on usergroups etc. So I've decided to try a bulk cleanout by deleting all individual based permissions (user_id>0) from permission_entry, permission_entry_content and permission_combination via a sql script. I'll also be excluding any mods or staff from this clean up. A typical script would be "delete from xf_permission_entry where user_id>0 and user_id not in (select user_id from xf_user where is_moderator=1 or is_admin=1 or is_staff=1)".

I've tested this on my test box, and it seems ok, but I'd like the opinion people who actually know the the permissions system at a high technical level before I proceed.

And yes, I have run the permissions clean up task.

 

[Mike]

I was going to say that you'll wipe out moderator permissions with this, but you've covered that. That's probably sufficient, though you may want to look at the permissions to see if there's anything worth keeping.

The tricky bit comes down to permission combinations then. I think that a user cache rebuild should do rebuild the selected permission combinations as necessary, since you're just removing user permissions. Then you should do a permission clean up and finally a master data rebuild to ensure the combinations all reflect the correct permissions (they should already, but to be sure).

I would do this on a test DB first to make sure it all goes to plan.

 

[Jim Boy]

Thanks for the info, when I ran on my test box I also truncated permission_cache_content, once the permissions had finished rebuilding the number of of permission combinations had shrunk from 967 to 166