In 1.9 the permissions depend on all roles user has, but also on role overrides and contexts where roles are assigned. This is very confusing for majority of users. It is not possible to even guess results when user has more than 3 roles.
The new evaluation uses the same algorithm as other role based systems - first evaluate all roles independently, then verify if user has those roles in given context.
There are multiple benefits:
- everybody can simply guess result, it is not necessary to know everything about permissions above current context
- much, much better performance because we may return result as sql query
- allows new override UI - simple add/remove roles from overrides