Time Complexity: Access policies vs RBAC
O(n)
0
0
Access policies vs RBAC in Azure - Performance Comparison
Understanding Time Complexity
We want to understand how the time to check permissions grows when using access policies versus role-based access control (RBAC) in Azure.
How does the system handle more users or resources when deciding access?
Scenario Under Consideration
Analyze the time complexity of permission checks using access policies and RBAC.
// Access policy check
var isAllowed = CheckAccessPolicy(user, resource);
// RBAC check
var roles = GetUserRoles(user);
var isAllowed = CheckRolePermissions(roles, resource);This sequence checks if a user can access a resource either by direct access policies or by roles assigned to the user.
Identify Repeating Operations
Look at what repeats when checking access for many users or resources.
- Primary operation: Checking user permissions via policies or roles.
- How many times: Once per access request, repeated for each user-resource pair.
How Execution Grows With Input
As the number of users or resources grows, the checks increase accordingly.
| Input Size (n) | Approx. API Calls/Operations |
|---|---|
| 10 | 10 permission checks |
| 100 | 100 permission checks |
| 1000 | 1000 permission checks |
Pattern observation: The number of permission checks grows directly with the number of access requests.
Final Time Complexity
Time Complexity: O(n)
This means the time to check permissions grows linearly with the number of access requests.
Common Mistake
[X] Wrong: "Checking access policies or RBAC is instant and does not depend on the number of users or resources."
[OK] Correct: Each access check requires looking up policies or roles, so more users or resources mean more checks and more time.
Interview Connect
Understanding how permission checks scale helps you design systems that stay fast as they grow, a key skill in cloud architecture.
Self-Check
"What if we cached user roles after the first check? How would that affect the time complexity of RBAC permission checks?"