Jun 17, 2025 · Jun 17, 2025
diff --git a/coderd/rbac/authz_internal_test.go b/coderd/rbac/authz_internal_test.go

 {resource: ResourceWorkspace.WithOwner("not-me")},
 }))

 // Prebuild
 prebuildUserID := uuid.MustParse("c42fdf75-3097-471c-8c33-fb52454d81c0").String()
 prebuilder := Subject{
 ID:    prebuildUserID,
 Scope: must(ExpandScope(ScopeAll)),
 Roles: Roles{
 {
 Identifier: RoleIdentifier{Name: "Prebuilder"},
 Site:       []Permission{},
 Org: map[string][]Permission{
 defOrg.String(): Permissions(map[string][]policy.Action{
 ResourcePrebuiltWorkspace.Type: ResourcePrebuiltWorkspace.AvailableActions(),
 }),
 },
 User: []Permission{},
 },
 },
 }

 testAuthorize(t, "AllWorkspaceActions", prebuilder,
 cases(func(c authTestCase) authTestCase {
 c.actions = ResourceWorkspace.AvailableActions()
 return c
 }, []authTestCase{
 // Prebuild cannot access all workspaces
 {allow: false, resource: ResourceWorkspace.InOrg(defOrg).WithOwner(user.ID)},
 // They can access their workspaces because of the prebuild user ID
 {allow: true, resource: ResourceWorkspace.InOrg(defOrg).WithOwner(prebuildUserID)},
 // Also the prebuild type, although this should never be used directly.
 {allow: true, resource: ResourcePrebuiltWorkspace.InOrg(defOrg).WithOwner(prebuildUserID)},
 }),
 )
 }

 // TestAuthorizeLevels ensures level overrides are acting appropriately
diff --git a/coderd/rbac/benchmarks/benchstat_authorize_benchmark.txt b/coderd/rbac/benchmarks/benchstat_authorize_benchmark.txt
 goos: linux
 goarch: amd64
 pkg: github.com/coder/coder/v2/coderd/rbac
 cpu: AMD EPYC 9454P 48-Core Processor
                                        │ main_rbac_authorize_benchmark_output.txt │ poc_rbac_authorize_benchmark_output.txt │
                                        │                  sec/op                  │      sec/op        vs base              │
 RBACAuthorize/NoRoles-16                                              2.120µ ± ∞ ¹        2.143µ ± ∞ ¹  +1.08% (p=0.032 n=5)
 RBACAuthorize/Admin-16                                                3.702µ ± ∞ ¹        3.775µ ± ∞ ¹  +1.97% (p=0.008 n=5)
 RBACAuthorize/OrgAdmin-16                                             3.840µ ± ∞ ¹        3.939µ ± ∞ ¹  +2.58% (p=0.016 n=5)
 RBACAuthorize/OrgMember-16                                            3.863µ ± ∞ ¹        3.919µ ± ∞ ¹       ~ (p=0.087 n=5)
 RBACAuthorize/ManyRoles-16                                            6.084µ ± ∞ ¹        6.264µ ± ∞ ¹  +2.96% (p=0.008 n=5)
 RBACAuthorize/ManyRolesCachedSubject-16                               6.086µ ± ∞ ¹        6.230µ ± ∞ ¹  +2.37% (p=0.008 n=5)
 RBACAuthorize/AdminWithScope-16                                       3.658µ ± ∞ ¹        3.794µ ± ∞ ¹  +3.72% (p=0.008 n=5)
 RBACAuthorize/StaticRoles-16                                          3.466µ ± ∞ ¹        3.596µ ± ∞ ¹  +3.75% (p=0.008 n=5)
 RBACAuthorize/StaticRolesWithCache-16                                 3.483µ ± ∞ ¹        3.589µ ± ∞ ¹  +3.04% (p=0.008 n=5)
 geomean                                                               3.860µ              3.958µ        +2.54%
 ¹ need >= 6 samples for confidence interval at level 0.95
diff --git a/coderd/rbac/benchmarks/benchstat_authorize_groups_benchmark.txt b/coderd/rbac/benchmarks/benchstat_authorize_groups_benchmark.txt
 goos: linux
 goarch: amd64
 pkg: github.com/coder/coder/v2/coderd/rbac
 cpu: AMD EPYC 9454P 48-Core Processor
                                                      │ main_rbac_authorize_groups_benchmark_output.txt │ poc_rbac_authorize_groups_benchmark_output.txt │
                                                      │                     sec/op                      │          sec/op           vs base              │
 RBACAuthorizeGroups/NoRolesGroupACL-16                                                     8.677µ ± ∞ ¹               8.875µ ± ∞ ¹       ~ (p=0.841 n=5)
 RBACAuthorizeGroups/AdminGroupACL-16                                                       11.59µ ± ∞ ¹               10.61µ ± ∞ ¹       ~ (p=0.841 n=5)
 RBACAuthorizeGroups/OrgAdminGroupACL-16                                                    11.33µ ± ∞ ¹               10.99µ ± ∞ ¹       ~ (p=0.841 n=5)
 RBACAuthorizeGroups/OrgMemberGroupACL-16                                                   12.06µ ± ∞ ¹               11.20µ ± ∞ ¹       ~ (p=0.841 n=5)
 RBACAuthorizeGroups/ManyRolesGroupACL-16                                                   13.33µ ± ∞ ¹               12.93µ ± ∞ ¹       ~ (p=0.690 n=5)
 RBACAuthorizeGroups/ManyRolesCachedSubjectGroupACL-16                                      13.13µ ± ∞ ¹               12.98µ ± ∞ ¹       ~ (p=0.690 n=5)
 RBACAuthorizeGroups/AdminWithScopeGroupACL-16                                              10.71µ ± ∞ ¹               10.75µ ± ∞ ¹       ~ (p=1.000 n=5)
 RBACAuthorizeGroups/StaticRolesGroupACL-16                                                 11.24µ ± ∞ ¹               10.60µ ± ∞ ¹       ~ (p=0.841 n=5)
 RBACAuthorizeGroups/StaticRolesWithCacheGroupACL-16                                        10.90µ ± ∞ ¹               10.78µ ± ∞ ¹       ~ (p=0.841 n=5)
 geomean                                                                                    11.36µ                     11.01µ        -3.06%
 ¹ need >= 6 samples for confidence interval at level 0.95
diff --git a/coderd/rbac/benchmarks/benchstat_filter_benchmark.txt b/coderd/rbac/benchmarks/benchstat_filter_benchmark.txt
 goos: linux
 goarch: amd64
 pkg: github.com/coder/coder/v2/coderd/rbac
 cpu: AMD EPYC 9454P 48-Core Processor
                                                 │ main_rbac_filter_benchmark_output.txt │   poc_rbac_filter_benchmark_output.txt   │
                                                 │                sec/op                 │     sec/op      vs base                  │
 RBACFilter/PrepareOnly-NoRoles-16                                           4.387m ± ∞ ¹    11.053m ± ∞ ¹    +151.97% (p=0.008 n=5)
 RBACFilter/PrepareOnly-Admin-16                                             7.924m ± ∞ ¹    48.817m ± ∞ ¹    +516.09% (p=0.008 n=5)
 RBACFilter/PrepareOnly-OrgAdmin-16                                          14.43m ± ∞ ¹     48.55m ± ∞ ¹    +236.56% (p=0.008 n=5)
 RBACFilter/PrepareOnly-OrgMember-16                                         13.08m ± ∞ ¹     44.89m ± ∞ ¹    +243.20% (p=0.008 n=5)
 RBACFilter/PrepareOnly-ManyRoles-16                                         19.19m ± ∞ ¹     68.43m ± ∞ ¹    +256.53% (p=0.008 n=5)
 RBACFilter/PrepareOnly-ManyRolesCachedSubject-16                            18.36m ± ∞ ¹     68.23m ± ∞ ¹    +271.67% (p=0.008 n=5)
 RBACFilter/PrepareOnly-AdminWithScope-16                                    7.068m ± ∞ ¹    28.419m ± ∞ ¹    +302.09% (p=0.008 n=5)
 RBACFilter/PrepareOnly-StaticRoles-16                                       8.135m ± ∞ ¹    46.908m ± ∞ ¹    +476.60% (p=0.008 n=5)
 RBACFilter/PrepareOnly-StaticRolesWithCache-16                              7.987m ± ∞ ¹    46.460m ± ∞ ¹    +481.70% (p=0.008 n=5)
 RBACFilter/NoRoles-16                                                       38.13µ ± ∞ ¹     73.93µ ± ∞ ¹     +93.92% (p=0.008 n=5)
 RBACFilter/Admin-16                                                         190.1n ± ∞ ¹   22135.0n ± ∞ ¹  +11543.87% (p=0.008 n=5)
 RBACFilter/OrgAdmin-16                                                      87.90µ ± ∞ ¹    213.49µ ± ∞ ¹    +142.88% (p=0.008 n=5)
 RBACFilter/OrgMember-16                                                     133.2µ ± ∞ ¹     286.8µ ± ∞ ¹    +115.28% (p=0.008 n=5)
 RBACFilter/ManyRoles-16                                                     20.36µ ± ∞ ¹     33.64µ ± ∞ ¹     +65.26% (p=0.008 n=5)
 RBACFilter/ManyRolesCachedSubject-16                                        20.17µ ± ∞ ¹     33.48µ ± ∞ ¹     +65.95% (p=0.008 n=5)
 RBACFilter/AdminWithScope-16                                                547.4n ± ∞ ¹     539.6n ± ∞ ¹      -1.42% (p=0.048 n=5)
 RBACFilter/StaticRoles-16                                                   193.4n ± ∞ ¹   22047.0n ± ∞ ¹  +11299.69% (p=0.008 n=5)
 RBACFilter/StaticRolesWithCache-16                                          203.2n ± ∞ ¹   21793.0n ± ∞ ¹  +10624.90% (p=0.008 n=5)
 geomean                                                                     212.7µ           1.136m          +434.09%
 ¹ need >= 6 samples for confidence interval at level 0.95
diff --git a/coderd/rbac/benchmarks/main_rbac_authorize_benchmark_output.txt b/coderd/rbac/benchmarks/main_rbac_authorize_benchmark_output.txt
 goos: linux
 goarch: amd64
 pkg: github.com/coder/coder/v2/coderd/rbac
 cpu: AMD EPYC 9454P 48-Core Processor
 BenchmarkRBACAuthorize/NoRoles-16          2727694      2120 ns/op
 BenchmarkRBACAuthorize/NoRoles-16          2822834      2128 ns/op
 BenchmarkRBACAuthorize/NoRoles-16          2792620      2113 ns/op
 BenchmarkRBACAuthorize/NoRoles-16          2815776      2102 ns/op
 BenchmarkRBACAuthorize/NoRoles-16          2844122      2133 ns/op
 BenchmarkRBACAuthorize/Admin-16            1643432      3663 ns/op
 BenchmarkRBACAuthorize/Admin-16            1615740      3709 ns/op
 BenchmarkRBACAuthorize/Admin-16            1606729      3714 ns/op
 BenchmarkRBACAuthorize/Admin-16            1602591      3702 ns/op
 BenchmarkRBACAuthorize/Admin-16            1601395      3674 ns/op
 BenchmarkRBACAuthorize/OrgAdmin-16         1557615      3840 ns/op
 BenchmarkRBACAuthorize/OrgAdmin-16         1537790      3816 ns/op
 BenchmarkRBACAuthorize/OrgAdmin-16         1555850      3879 ns/op
 BenchmarkRBACAuthorize/OrgAdmin-16         1524692      3818 ns/op
 BenchmarkRBACAuthorize/OrgAdmin-16         1521158      3849 ns/op
 BenchmarkRBACAuthorize/OrgMember-16        1527608      3849 ns/op
 BenchmarkRBACAuthorize/OrgMember-16        1542693      3863 ns/op
 BenchmarkRBACAuthorize/OrgMember-16        1514922      3942 ns/op
 BenchmarkRBACAuthorize/OrgMember-16        1536782      3861 ns/op
 BenchmarkRBACAuthorize/OrgMember-16        1546622      3866 ns/op
 BenchmarkRBACAuthorize/ManyRoles-16         973860      6097 ns/op
 BenchmarkRBACAuthorize/ManyRoles-16         937105      6176 ns/op
 BenchmarkRBACAuthorize/ManyRoles-16         952167      6063 ns/op
 BenchmarkRBACAuthorize/ManyRoles-16         923904      6084 ns/op
 BenchmarkRBACAuthorize/ManyRoles-16         947184      6056 ns/op
 BenchmarkRBACAuthorize/ManyRolesCachedSubject-16           937454      6042 ns/op
 BenchmarkRBACAuthorize/ManyRolesCachedSubject-16           968358      6119 ns/op
 BenchmarkRBACAuthorize/ManyRolesCachedSubject-16           958936      6128 ns/op
 BenchmarkRBACAuthorize/ManyRolesCachedSubject-16           952670      6053 ns/op
 BenchmarkRBACAuthorize/ManyRolesCachedSubject-16           963718      6086 ns/op
 BenchmarkRBACAuthorize/AdminWithScope-16                  1602452      3650 ns/op
 BenchmarkRBACAuthorize/AdminWithScope-16                  1618682      3658 ns/op
 BenchmarkRBACAuthorize/AdminWithScope-16                  1613992      3694 ns/op
 BenchmarkRBACAuthorize/AdminWithScope-16                  1588384      3644 ns/op
 BenchmarkRBACAuthorize/AdminWithScope-16                  1617560      3694 ns/op
 BenchmarkRBACAuthorize/StaticRoles-16                     1708760      3466 ns/op
 BenchmarkRBACAuthorize/StaticRoles-16                     1728127      3438 ns/op
 BenchmarkRBACAuthorize/StaticRoles-16                     1730481      3489 ns/op
 BenchmarkRBACAuthorize/StaticRoles-16                     1736761      3496 ns/op
 BenchmarkRBACAuthorize/StaticRoles-16                     1705742      3432 ns/op
 BenchmarkRBACAuthorize/StaticRolesWithCache-16            1722753      3460 ns/op
 BenchmarkRBACAuthorize/StaticRolesWithCache-16            1683228      3444 ns/op
 BenchmarkRBACAuthorize/StaticRolesWithCache-16            1704624      3501 ns/op
 BenchmarkRBACAuthorize/StaticRolesWithCache-16            1730134      3486 ns/op
 BenchmarkRBACAuthorize/StaticRolesWithCache-16            1713960      3483 ns/op
 PASS
 ok  github.com/coder/coder/v2/coderd/rbac517.596s
diff --git a/coderd/rbac/benchmarks/main_rbac_authorize_groups_benchmark_output.txt b/coderd/rbac/benchmarks/main_rbac_authorize_groups_benchmark_output.txt
 goos: linux
 goarch: amd64
 pkg: github.com/coder/coder/v2/coderd/rbac
 cpu: AMD EPYC 9454P 48-Core Processor
 BenchmarkRBACAuthorizeGroups/NoRolesGroupACL-16          1285530      5135 ns/op
 BenchmarkRBACAuthorizeGroups/NoRolesGroupACL-16          1000000      7036 ns/op
 BenchmarkRBACAuthorizeGroups/NoRolesGroupACL-16           732034      8677 ns/op
 BenchmarkRBACAuthorizeGroups/NoRolesGroupACL-16           509162     10107 ns/op
 BenchmarkRBACAuthorizeGroups/NoRolesGroupACL-16           611205     11611 ns/op
 BenchmarkRBACAuthorizeGroups/AdminGroupACL-16             680037      7480 ns/op
 BenchmarkRBACAuthorizeGroups/AdminGroupACL-16             653817      9256 ns/op
 BenchmarkRBACAuthorizeGroups/AdminGroupACL-16             559095     11592 ns/op
 BenchmarkRBACAuthorizeGroups/AdminGroupACL-16             427017     12917 ns/op
 BenchmarkRBACAuthorizeGroups/AdminGroupACL-16             388234     14860 ns/op
 BenchmarkRBACAuthorizeGroups/OrgAdminGroupACL-16          778580      8000 ns/op
 BenchmarkRBACAuthorizeGroups/OrgAdminGroupACL-16          544359      9539 ns/op
 BenchmarkRBACAuthorizeGroups/OrgAdminGroupACL-16          467354     11329 ns/op
 BenchmarkRBACAuthorizeGroups/OrgAdminGroupACL-16          484412     13392 ns/op
 BenchmarkRBACAuthorizeGroups/OrgAdminGroupACL-16          378778     14857 ns/op
 BenchmarkRBACAuthorizeGroups/OrgMemberGroupACL-16         781843      7728 ns/op
 BenchmarkRBACAuthorizeGroups/OrgMemberGroupACL-16         642916     10202 ns/op
 BenchmarkRBACAuthorizeGroups/OrgMemberGroupACL-16         462691     12061 ns/op
 BenchmarkRBACAuthorizeGroups/OrgMemberGroupACL-16         432775     13403 ns/op
 BenchmarkRBACAuthorizeGroups/OrgMemberGroupACL-16         391358     14852 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesGroupACL-16         510998     10349 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesGroupACL-16         514650     11934 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesGroupACL-16         403914     13333 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesGroupACL-16         375208     14818 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesGroupACL-16         317528     16597 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesCachedSubjectGroupACL-16           494493     10189 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesCachedSubjectGroupACL-16           456991     11837 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesCachedSubjectGroupACL-16           524840     13132 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesCachedSubjectGroupACL-16           413689     14751 ns/op
 BenchmarkRBACAuthorizeGroups/ManyRolesCachedSubjectGroupACL-16           367159     15959 ns/op
 BenchmarkRBACAuthorizeGroups/AdminWithScopeGroupACL-16                   928262      7479 ns/op
 BenchmarkRBACAuthorizeGroups/AdminWithScopeGroupACL-16                   559882      9114 ns/op
 BenchmarkRBACAuthorizeGroups/AdminWithScopeGroupACL-16                   492115     10707 ns/op
 BenchmarkRBACAuthorizeGroups/AdminWithScopeGroupACL-16                   439737     12179 ns/op
 BenchmarkRBACAuthorizeGroups/AdminWithScopeGroupACL-16                   505465     13957 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesGroupACL-16                      944755      7290 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesGroupACL-16                      678937      9119 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesGroupACL-16                      578650     11239 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesGroupACL-16                      458872     12787 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesGroupACL-16                      410241     14096 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesWithCacheGroupACL-16             866774      7659 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesWithCacheGroupACL-16             621178      9248 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesWithCacheGroupACL-16             479337     10901 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesWithCacheGroupACL-16             444554     12825 ns/op
 BenchmarkRBACAuthorizeGroups/StaticRolesWithCacheGroupACL-16             396876     14077 ns/op
 PASS
 ok  github.com/coder/coder/v2/coderd/rbac594.728s
Original file line number	Diff line number	Diff line change
Expand Up		@@ -712,6 +712,39 @@ func TestAuthorizeDomain(t *testing.T) {

		{resource: ResourceWorkspace.WithOwner("not-me")},
		}))

		// Prebuild
		prebuildUserID := uuid.MustParse("c42fdf75-3097-471c-8c33-fb52454d81c0").String()
		prebuilder := Subject{
		ID: prebuildUserID,
		Scope: must(ExpandScope(ScopeAll)),
		Roles: Roles{
		{
		Identifier: RoleIdentifier{Name: "Prebuilder"},
		Site: []Permission{},
		Org: map[string][]Permission{
		defOrg.String(): Permissions(map[string][]policy.Action{
		ResourcePrebuiltWorkspace.Type: ResourcePrebuiltWorkspace.AvailableActions(),
		}),
		},
		User: []Permission{},
		},
		},
		}

		testAuthorize(t, "AllWorkspaceActions", prebuilder,
		cases(func(c authTestCase) authTestCase {
		c.actions = ResourceWorkspace.AvailableActions()
		return c
		}, []authTestCase{
		// Prebuild cannot access all workspaces
		{allow: false, resource: ResourceWorkspace.InOrg(defOrg).WithOwner(user.ID)},
		// They can access their workspaces because of the prebuild user ID
		{allow: true, resource: ResourceWorkspace.InOrg(defOrg).WithOwner(prebuildUserID)},
		// Also the prebuild type, although this should never be used directly.
		{allow: true, resource: ResourcePrebuiltWorkspace.InOrg(defOrg).WithOwner(prebuildUserID)},
		}),
		)
		}

		// TestAuthorizeLevels ensures level overrides are acting appropriately
Expand Down
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,17 @@
		goos: linux
		goarch: amd64
		pkg: github.com/coder/coder/v2/coderd/rbac
		cpu: AMD EPYC 9454P 48-Core Processor
		│ main_rbac_authorize_benchmark_output.txt │ poc_rbac_authorize_benchmark_output.txt │
		│ sec/op │ sec/op vs base │
		RBACAuthorize/NoRoles-16 2.120µ ± ∞ ¹ 2.143µ ± ∞ ¹ +1.08% (p=0.032 n=5)
		RBACAuthorize/Admin-16 3.702µ ± ∞ ¹ 3.775µ ± ∞ ¹ +1.97% (p=0.008 n=5)
		RBACAuthorize/OrgAdmin-16 3.840µ ± ∞ ¹ 3.939µ ± ∞ ¹ +2.58% (p=0.016 n=5)
		RBACAuthorize/OrgMember-16 3.863µ ± ∞ ¹ 3.919µ ± ∞ ¹ ~ (p=0.087 n=5)
		RBACAuthorize/ManyRoles-16 6.084µ ± ∞ ¹ 6.264µ ± ∞ ¹ +2.96% (p=0.008 n=5)
		RBACAuthorize/ManyRolesCachedSubject-16 6.086µ ± ∞ ¹ 6.230µ ± ∞ ¹ +2.37% (p=0.008 n=5)
		RBACAuthorize/AdminWithScope-16 3.658µ ± ∞ ¹ 3.794µ ± ∞ ¹ +3.72% (p=0.008 n=5)
		RBACAuthorize/StaticRoles-16 3.466µ ± ∞ ¹ 3.596µ ± ∞ ¹ +3.75% (p=0.008 n=5)
		RBACAuthorize/StaticRolesWithCache-16 3.483µ ± ∞ ¹ 3.589µ ± ∞ ¹ +3.04% (p=0.008 n=5)
		geomean 3.860µ 3.958µ +2.54%
		¹ need >= 6 samples for confidence interval at level 0.95
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,26 @@
		goos: linux
		goarch: amd64
		pkg: github.com/coder/coder/v2/coderd/rbac
		cpu: AMD EPYC 9454P 48-Core Processor
		│ main_rbac_filter_benchmark_output.txt │ poc_rbac_filter_benchmark_output.txt │
		│ sec/op │ sec/op vs base │
		RBACFilter/PrepareOnly-NoRoles-16 4.387m ± ∞ ¹ 11.053m ± ∞ ¹ +151.97% (p=0.008 n=5)
		RBACFilter/PrepareOnly-Admin-16 7.924m ± ∞ ¹ 48.817m ± ∞ ¹ +516.09% (p=0.008 n=5)
		RBACFilter/PrepareOnly-OrgAdmin-16 14.43m ± ∞ ¹ 48.55m ± ∞ ¹ +236.56% (p=0.008 n=5)
		RBACFilter/PrepareOnly-OrgMember-16 13.08m ± ∞ ¹ 44.89m ± ∞ ¹ +243.20% (p=0.008 n=5)
		RBACFilter/PrepareOnly-ManyRoles-16 19.19m ± ∞ ¹ 68.43m ± ∞ ¹ +256.53% (p=0.008 n=5)
		RBACFilter/PrepareOnly-ManyRolesCachedSubject-16 18.36m ± ∞ ¹ 68.23m ± ∞ ¹ +271.67% (p=0.008 n=5)
		RBACFilter/PrepareOnly-AdminWithScope-16 7.068m ± ∞ ¹ 28.419m ± ∞ ¹ +302.09% (p=0.008 n=5)
		RBACFilter/PrepareOnly-StaticRoles-16 8.135m ± ∞ ¹ 46.908m ± ∞ ¹ +476.60% (p=0.008 n=5)
		RBACFilter/PrepareOnly-StaticRolesWithCache-16 7.987m ± ∞ ¹ 46.460m ± ∞ ¹ +481.70% (p=0.008 n=5)
		RBACFilter/NoRoles-16 38.13µ ± ∞ ¹ 73.93µ ± ∞ ¹ +93.92% (p=0.008 n=5)
		RBACFilter/Admin-16 190.1n ± ∞ ¹ 22135.0n ± ∞ ¹ +11543.87% (p=0.008 n=5)
		RBACFilter/OrgAdmin-16 87.90µ ± ∞ ¹ 213.49µ ± ∞ ¹ +142.88% (p=0.008 n=5)
		RBACFilter/OrgMember-16 133.2µ ± ∞ ¹ 286.8µ ± ∞ ¹ +115.28% (p=0.008 n=5)
		RBACFilter/ManyRoles-16 20.36µ ± ∞ ¹ 33.64µ ± ∞ ¹ +65.26% (p=0.008 n=5)
		RBACFilter/ManyRolesCachedSubject-16 20.17µ ± ∞ ¹ 33.48µ ± ∞ ¹ +65.95% (p=0.008 n=5)
		RBACFilter/AdminWithScope-16 547.4n ± ∞ ¹ 539.6n ± ∞ ¹ -1.42% (p=0.048 n=5)
		RBACFilter/StaticRoles-16 193.4n ± ∞ ¹ 22047.0n ± ∞ ¹ +11299.69% (p=0.008 n=5)
		RBACFilter/StaticRolesWithCache-16 203.2n ± ∞ ¹ 21793.0n ± ∞ ¹ +10624.90% (p=0.008 n=5)
		geomean 212.7µ 1.136m +434.09%
		¹ need >= 6 samples for confidence interval at level 0.95
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,51 @@
		goos: linux
		goarch: amd64
		pkg: github.com/coder/coder/v2/coderd/rbac
		cpu: AMD EPYC 9454P 48-Core Processor
		BenchmarkRBACAuthorize/NoRoles-16 2727694 2120 ns/op
		BenchmarkRBACAuthorize/NoRoles-16 2822834 2128 ns/op
		BenchmarkRBACAuthorize/NoRoles-16 2792620 2113 ns/op
		BenchmarkRBACAuthorize/NoRoles-16 2815776 2102 ns/op
		BenchmarkRBACAuthorize/NoRoles-16 2844122 2133 ns/op
		BenchmarkRBACAuthorize/Admin-16 1643432 3663 ns/op
		BenchmarkRBACAuthorize/Admin-16 1615740 3709 ns/op
		BenchmarkRBACAuthorize/Admin-16 1606729 3714 ns/op
		BenchmarkRBACAuthorize/Admin-16 1602591 3702 ns/op
		BenchmarkRBACAuthorize/Admin-16 1601395 3674 ns/op
		BenchmarkRBACAuthorize/OrgAdmin-16 1557615 3840 ns/op
		BenchmarkRBACAuthorize/OrgAdmin-16 1537790 3816 ns/op
		BenchmarkRBACAuthorize/OrgAdmin-16 1555850 3879 ns/op
		BenchmarkRBACAuthorize/OrgAdmin-16 1524692 3818 ns/op
		BenchmarkRBACAuthorize/OrgAdmin-16 1521158 3849 ns/op
		BenchmarkRBACAuthorize/OrgMember-16 1527608 3849 ns/op
		BenchmarkRBACAuthorize/OrgMember-16 1542693 3863 ns/op
		BenchmarkRBACAuthorize/OrgMember-16 1514922 3942 ns/op
		BenchmarkRBACAuthorize/OrgMember-16 1536782 3861 ns/op
		BenchmarkRBACAuthorize/OrgMember-16 1546622 3866 ns/op
		BenchmarkRBACAuthorize/ManyRoles-16 973860 6097 ns/op
		BenchmarkRBACAuthorize/ManyRoles-16 937105 6176 ns/op
		BenchmarkRBACAuthorize/ManyRoles-16 952167 6063 ns/op
		BenchmarkRBACAuthorize/ManyRoles-16 923904 6084 ns/op
		BenchmarkRBACAuthorize/ManyRoles-16 947184 6056 ns/op
		BenchmarkRBACAuthorize/ManyRolesCachedSubject-16 937454 6042 ns/op
		BenchmarkRBACAuthorize/ManyRolesCachedSubject-16 968358 6119 ns/op
		BenchmarkRBACAuthorize/ManyRolesCachedSubject-16 958936 6128 ns/op
		BenchmarkRBACAuthorize/ManyRolesCachedSubject-16 952670 6053 ns/op
		BenchmarkRBACAuthorize/ManyRolesCachedSubject-16 963718 6086 ns/op
		BenchmarkRBACAuthorize/AdminWithScope-16 1602452 3650 ns/op
		BenchmarkRBACAuthorize/AdminWithScope-16 1618682 3658 ns/op
		BenchmarkRBACAuthorize/AdminWithScope-16 1613992 3694 ns/op
		BenchmarkRBACAuthorize/AdminWithScope-16 1588384 3644 ns/op
		BenchmarkRBACAuthorize/AdminWithScope-16 1617560 3694 ns/op
		BenchmarkRBACAuthorize/StaticRoles-16 1708760 3466 ns/op
		BenchmarkRBACAuthorize/StaticRoles-16 1728127 3438 ns/op
		BenchmarkRBACAuthorize/StaticRoles-16 1730481 3489 ns/op
		BenchmarkRBACAuthorize/StaticRoles-16 1736761 3496 ns/op
		BenchmarkRBACAuthorize/StaticRoles-16 1705742 3432 ns/op
		BenchmarkRBACAuthorize/StaticRolesWithCache-16 1722753 3460 ns/op
		BenchmarkRBACAuthorize/StaticRolesWithCache-16 1683228 3444 ns/op
		BenchmarkRBACAuthorize/StaticRolesWithCache-16 1704624 3501 ns/op
		BenchmarkRBACAuthorize/StaticRolesWithCache-16 1730134 3486 ns/op
		BenchmarkRBACAuthorize/StaticRolesWithCache-16 1713960 3483 ns/op
		PASS
		ok github.com/coder/coder/v2/coderd/rbac517.596s