Users’ permissions may change between consecutive requests, that’s why authorization data must be reloaded every time. Any caching mechanism would introduce a potential security hole. For smaller applications, CPhpAuthManager might be a faster alternative to database.
I had the same problem where we had a bunch of menu items, each with their own permission requirement and it was hurting every page load. I ended up storing permissions in session after a user logs in, then in my admin interface for managing permissions themselves, clear out that user’s session everytime changes are made (whether that be adding or revoking permissions). One downside is you have to manage permissions through the admin interface, else they won’t take effect until that user logs out or loses his/her session