uPortal has a pretty complex model for permissions. We use...
and 3 out of 4 (the ones with '+') of these can be hierarchical. This situation means that the number of potential checks – when the user wants to do something that's governed by permissions – can be very large.
Admin users have 'superuser' authority and therefore permission checks for them are relatively quick. But month-by-month the portal is doing more things that require permissions for users who are not admins. Many of the RESTful JSON feeds are good examples; collections of portlets, etc. are (rightly) filtered by the user's permissions.
The Java code in AnyUnblockedGrantPermissionPolicy is old, disorganized, and hard to penetrate. This situation makes it difficult to troubleshoot or tackle performance. We should clean it up.
We should also apply more caching within that class if it can be shown to help.