Security evaluation performance with large Active Directory
We noticed that running large scale environment with 2000+ users and about 50-60 streams, Repository service starting to be bottle neck in the the system - long response time on HUB noticed first. (Stream cache bust takes about 40s to load)
Secondly we noticed that users brings in up to 900 attributes and only 5-20 of them are related to Qlik. It means that rest (880) attributes are not related to Qlik but still synced to DB.
As we have security rules based on User attributes this cause performance issues (long evaluation time). Is there any way to import only Qlik related groups - example with starting prefix QLIK_* -> then security evaluation will take less time due to check will not be performed on all 900 groups.
As it is noticed in Qlik Help - User attributes are sync during log in to HUB - so even if we remove unused groups directly from Repository DB Qlik will sync attributes again and we cant do nothing about it. This limitation does not seems to be related to UDC or Ldap filters, but it is Global Qlik pattern - as RnD says "Works as Design".
Could you please share your experience about such case - maybe anyone found out workarounds?