When configuring permissions in Bitbucket Server, in addition to being able to grant specific permissions to individual users, administrators can grant permissions to groups to implicitly grant them to all of a group's users. For performance, since permissions are checked frequently, Bitbucket Server maintains caches for user permissions (which covers only permissions granted to the user specifically) and group permissions.

The current approach for caching group permissions includes an entry for every group (up to the configured limit, which defaults to 2500), even if some groups have no granted permissions. For instances with a large number of groups, that can be extremely wasteful, and it can lead to cache churn that renders the group permission cache essentially useless.

Rather than caching permissions for every group, the system should only cache permissions for groups that actually have some. That will make much better use of the cache's allotted entries, and should greatly reduce churn. It should also mean many, if not most, instances that have large numbers of groups still don't need to significantly increase the group cache limit, since most groups likely do not have any granted permissions.