On Sat, 5 Oct 2019, John Rouillard wrote:

> Validating all perms in my tracker means that > 2/3 of the validation
> would be thrown away on every rest/xmlrpc/web page hit. E.G. If the
> user's role is User, there is no need to validate the Agent,
> Provisional User, Anonymous, or Admin roles of permissions every
> single time.

I was supposing Roundup is being used in a form where the schema is loaded 
once at startup, not once for each page hit.  E.g. in the normal case 
roundup-server uses roundup.instance.open (which is where the check would 
go, somewhere after loading the schema) only once for each named tracker, 
before starting listening for http and forking for each request (and 
thus if you change the schema you have to restart roundup-server).