Laravel permissions work great… until your application starts to scale.
If you're using role/permission checks heavily, you might be hitting your database more often than you think.
In this article, I’ll show you a simple benchmark comparing the default behavior vs a Redis-based approach.
The Problem
In many Laravel applications, permission checks look like this:
$user->can('edit-post');
Looks harmless, right?
But under the hood, this can trigger multiple database queries, especially when:
- You have many users
- Complex role/permission structures
- Frequent authorization checks
At small scale, it’s fine.
At large scale… it adds up quickly.
Benchmark Setup
To test this, I created a simple benchmark comparing:
- Default Laravel permissions behavior
- Redis-cached permissions
Benchmark repo: https://github.com/scabarcas17/laravel-permissions-redis-benchmark
The idea was simple:
- Run multiple permission checks
- Measure database queries
- Compare performance
Results
Default Behavior
- Multiple database queries per permission check
- Repeated queries for the same permissions
- Increased load under high traffic
With Redis
- Permissions cached in Redis
- Near-zero database queries after first load
- Much faster response times
Key Insight
The biggest issue is not the first query…
It’s the repeated queries for the same permissions.
By caching permissions in Redis, we eliminate redundant database access.
The Solution
To test this approach in a real scenario, I built a small package: https://packagist.org/packages/scabarcas/laravel-permissions-redis
GitHub repo:
https://github.com/scabarcas17/laravel-permissions-redis
This package adds a Redis layer on top of Laravel permissions, reducing unnecessary queries.
When Does This Matter?
This approach is especially useful if your app has:
- High traffic
- Many permission checks per request
- Complex role/permission structures
- Performance bottlenecks related to authorization
Final Thoughts
Laravel’s default behavior is solid and works well for most applications.
But if you're scaling and noticing performance issues, caching permissions can make a real difference.
This benchmark is just a starting point—but it clearly shows the impact of reducing repeated database queries.
Feedback
I’d love to hear your thoughts:
- Have you experienced performance issues with permissions?
- How are you handling caching in your apps?
Top comments (0)