API Visibility Issue in DevPortal for INTERNAL Role Updates

[Abshan]

Description

An issue has been observed with the DevPortal API visibility feature, which is used to restrict API access to specific users. The problem arises when a user's role is dynamically updated. If the user is already logged into the DevPortal, the updated API visibility permissions do not take effect immediately. Instead, the changes are reflected only after the cache expiry time of 15 minutes.

This issue occurs exclusively with users assigned to INTERNAL roles (e.g., internal/abc) and does not affect other role types. For non-INTERNAL roles, the visibility updates are applied immediately without any delay.

The delay in reflecting updated API visibility creates confusion and reduces the efficiency of dynamic role updates for API visibility management. This can negatively affect the user experience by introducing unnecessary delays in accessing APIs after role updates.

Steps to Reproduce

1. Create a user and an internal role (e.g., internal/abc), but do not assign the role to the user initially.
2. Create an API and configure the API DevPortal visibility to be restricted to the internal role.
3. Log in to the DevPortal with the created user.
4. Assign the internal role to the user.
5. Check the DevPortal to see if the API is visible. The API will only become visible after the cache expiry time (15 minutes).

Version

4.2.0

Environment Details (with versions)

No response