Sebastian Leupold wrote
... though I am of the opinion, that 16k roles should be more efficient, I am not sure, if this justifies the work to re-implement cookie management.
I am still of the opinion, that there shall not be a need to assign more than 50 roles to a single user...
In general, I completely agree. I get to throw out wild architectural design changes because I neither have to implement them nor ensure they continue to support legacy scenarios :)
I thought I'd add that because, in general, a role-based bitfield could be treated as a sparsely populated vector, it could be represented in memory much more efficiently than (loosely) O(n) space. Although a worst-case might be 16k roles, there would in practice be essentially no maximum (assuming sparse assignment). Spare matrices are well-studied in the academic literature.
Role deserialization in a bitfield data structure would be much more efficient than through iterative string manipulation, as well (regardless of whether name matching or string-to-integer roleId conversion were used).
Given that the general consensus seems to be that high-volume role support is not a viable use-case in DNN, these implementation details become purely academic (but interesting!).