Configure Access Result cache values

Abstract

How to configure the Access Result cache values for the Content Delivery and Content Management roles.

Applies to

Content Delivery, Content Management

Each time a user accesses an item (or a field), Sitecore resolves and caches that user's access rights in the Access Result cache. Resolving access rights typically takes longer than accessing them in a hashtable, so using a cache improves performance. A cache entry consists of a key and a value.

The key stores information about:

  • The entity (item or field)

  • The requested access right (read, write, delete, and so on)

  • The account that requested the access (user or role)

The value stores a simple result: Allow or Deny access. In addition, the cache record also contains an explanation. The explanation states why a user or role has/does not have the right to read, modify, or delete an item. The Access Viewer uses this information.

With a new Sitecore installation, you might see thousands of warnings in the logs:

WARN AccessResultCache cache is cleared by Sitecore.Caching.Generics.Cache`1+DefaultScavengeStrategy[[Sitecore.Caching.AccessResultCacheKey, Sitecore.Kernel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=null]] strategy. Cache running size was 9 MB.

If this occurs, then the default cache size of 9 MB is too small for your environment.

To configure the cache size:

  1. Create a patch file to increase the size to, for example, 200MB:

    <?xml version="1.0"?>
    <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">  
        <sitecore role:require="Standalone or ContentDelivery or ContentManagement">      
            <settings>        
                <setting name="Caching.AccessResultCacheSize" value="200MB" />      
            </settings>    
        </sitecore>
    </configuration>
  2. Deploy the patch to your hosting service, for example, App Services and check that the warnings have disappeared in the log.

    Note

    You might notice a performance increase.

If you have a website that does not use Sitecore security and all published content is visible to anyone browsing the web page on the Sitecore CD servers, then you might not require the Access Result cache. You can therefore disable all security checks on the Web database.

Important

Before you disable security checks, make sure that that there are no security-protected areas on your site. If you have security-protected areas on your site, then disabling the cache impacts performance.

To disable security checks on your website:

  1. Create a patch file to disable Sitecore security:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">  
        <sitecore>
            <databases>
                <database id="web" role:require="ContentDelivery">
                    <securityEnabled>false</securityEnabled>
                </database>
            </databases>
        </sitecore>
    </configuration>
  2. Deploy the patch to your hosting service, for example, App Services.

    Note

    You might notice a performance increase.