Moving rules with high hit counts further up in the rulebase was a longstanding recommendation to help reduce the CPU overhead of rule base lookups in R77.30 gateway and earlier. However due to the new Column-based matching feature which is enabled by default in R80.10+ gateway, moving frequently-hit rules towards the top of the policy provides only minimal gains and is probably not worth your time to pursue.
For known users the gateway already has a user to IP mapping in its cache (along with group memberships) by the time a user's traffic reaches the gateway, so I don't see why moving a rule utilizing an IA access role downwards would be a recommendation here unless you are also using something like Domain objects in the same rule or perhaps invoking the Captive Portal.
New 2-day Live "Max Power" Series Course Now Available:
"Gateway Performance Optimization R81.20" at maxpowerfirewalls.com