The function simply queries acs_object_party_privilege_map, which is a humongous view that joins three flattened hierarchies: the context tree, the privilege hierarchy, the party composition (and membership) hierarchy. As such, it contains an extremely large number of rows. About the only kind of query you can run against it is the one performed by the acs_permission.permission_p function. Anything other than that would take forever to finish or would ultimately result in an Oracle error.What's not clear to me, is if it's the question I ask that makes me a terrorist, or how I ask it. Is the article suggesting these problematic queries can be written differently (and scale) or that indeed there are some questions you shouldn't even try to ask of the permission system?
In particular, what's a nice efficent way to determine which parties p have the permission foo on object o?