When using external access control, role caches need to be invalidated after some time in order to reflect modifications in the external security manager where the roles have been externalized.