To increase the performance of FezACML security rules lookups a security index was created following a similar design to the Fez search index. Creating this index avoided the performance problem of looking up potentially many FezACML datastreams in parent objects, by clumping all the security rules for a specific object together.
After heavy content ingestion into UQ eSpace the performance of the security index degraded to a point where it is noticeable (while still useable). A redesign of the security index has been planned for the next release of Fez which will store the rule pairs separately from the rule to PID and datastream ID combination. This will make the security index far more efficient. For example in the production UQ eSpace security index there are roughly 250,000 rows however there are only about 256 different rules. Breaking the relationship between the rule and the object into separate tables will allow MySQL to speed up queries on the index dramatically.