Any functionality which requires authentication (for which there are a lot) requires looking up the user upon execution of the endpoint. This is something which happens a LOT; so it makes sense to cache this data for a period of time (currently defined as 2 hours).
Permissions lookups are also used for a lot of queries; and are also pretty database-intensive. So this change caches those lookups as well. Since we want permission results to take effect upon changing them, we'll remove the cache entry whenever a change is made.