In 3.6.0 a permission cache mechanism was introduced to improve VOMS Admin responsiveness.
A mechanism was put in place to clean up the cache whenever an ACL update event was raised. This was insufficient to ensure that the cache wouldn't be
"transparent", as permission for an authenticated user are not only derived from ACLs but from user Role and group membership as well.

So the permission cache should be cleaned up whenever an "interesting" user related event is raised internally in VOMS Admin, e.g. when users are created/deleted, when group membership changes, when roles are assigned/dismissed.