Multi-tenant permission isolation and control method and device based on SaaS architecture

CN122333433APending Publication Date: 2026-07-03WUHAN XIAOAN INTELLIGENT TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
WUHAN XIAOAN INTELLIGENT TECH CO LTD
Filing Date
2026-02-28
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing technologies for multi-tenant permission isolation and control in SaaS architecture suffer from poor security, low flexibility, and high development and maintenance costs.

Method used

By receiving business requests from clients, a permission context is constructed, permission verification is performed, the original SQL statement is intercepted, converted into an abstract syntax tree (AST), tenant isolation conditions are dynamically injected into the conditional clauses of the AST, and then reverse-engineered into the target SQL statement for database execution.

Benefits of technology

It improves the security and reliability of multi-tenant data isolation, enhances the flexibility of access control, decouples business logic from security logic, and reduces development and maintenance costs.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122333433A_ABST
    Figure CN122333433A_ABST
Patent Text Reader

Abstract

This invention provides a method and apparatus for multi-tenant permission isolation and control based on a SaaS architecture. The method includes: receiving a business request sent by a client; constructing a permission context based on the business request; performing permission verification based on the permission context to obtain a permission verification result; if the permission verification is successful, intercepting the original Structured Query Language (SQL) statement triggered by the business request; converting the original SQL statement into an Abstract Syntax Tree (AST); dynamically injecting tenant isolation conditions into the conditional clause positions of the AST based on the permission context to obtain a modified AST; and reconstructing the modified AST into a target SQL statement and submitting it to the database for execution. This invention significantly improves the security and reliability of multi-tenant data isolation, enhances the flexibility of permission control, decouples business logic from security logic, and reduces development and maintenance costs.
Need to check novelty before this filing date? Find Prior Art