Why is this an issue?
When accessing the database, the ACL scripts are executed once for every record being read in order to determine if the user has the permission. Doing expensive work inside this script will surely slow down your database as it grows. Querying the database is an expensive operation so doing it inside ACL scripts is an issue.
Avoiding queries
Complex conditions will often tempt us to implement them with scripting, overlooking that they could be implemented using other acl tools like the condition builder or composing multiple acls.
Rewrite without the script where possible
Complex conditions will often tempt us to implement them with scripting. Given the following acl script, let's try to find a way to rewrite it without javascript:
1var userGr = new GlideRecord("sys_user"); 2if (userGr.get(gs.getUserID())) { 3 if ( 4 gs.getUser().isMemberOf(current.assignment_group) 5 userGr.user_name == current.sys_created_by || 6 ) { 7 answer = true; 8 } 9}
Writing the logic as a statement, the user can read the record if:
he belongs to the assingment group
or
he created the record
Condition 1 can be written using the condition builder, and condition 2 is querying the database unecessarily, since it can also be written with the condition builder.
The script would be fully expressed with:
1Assignment group -> is (dynamic) -> One Of My Groups 2 OR Created by -> is -> javascript:gs.getUserName()