Information Security 14 min read

Design and Implementation of a Role‑Based Access Control System for the DuoliXiong Business Platform

This article introduces the DuoliXiong local‑life service platform, analyzes the challenges of permission management across its multi‑layered architecture, and details the design of a flat RBAC model—including business‑line isolation, user, role, and permission tables, tree‑structured permission mapping, and data‑level access controls—to support scalable, secure operations.

Architecture Digest

The DuoliXiong platform, a Baidu‑owned local‑life service, offers quality services at low prices across categories such as dining, hotels, and entertainment. It is built on a three‑layer architecture: an ecosystem scene layer, a platform support layer, and a foundational layer.

Because the platform comprises many independent systems (merchant platform, operation platform, review platform, editor platform, distribution platform, etc.), the permission system faces challenges like heterogeneous account systems, hierarchical role relationships, and multi‑language integration.

To address these challenges, the team adopted a Role‑Based Access Control (RBAC) approach built around four core components (Subject, Role, Session, and Permission) and four main rules: role assignment, role authorization, permission assignment, and permission enforcement. A subject never holds a permission directly; it acquires permissions only through the roles activated in its session, which is what makes the model auditable.

Four RBAC variants were evaluated (Flat, Hierarchical, Constrained, Symmetric). The Flat RBAC model was selected for its simplicity: it matches the current business needs without role inheritance, at the cost of the features the richer variants add (role hierarchies in Hierarchical RBAC, separation‑of‑duty constraints in Constrained RBAC, and permission‑to‑role review in Symmetric RBAC). Any of those can be layered on later without changing the core tables.

The permission system’s core responsibilities were defined as controlling menu visibility, functional group access, button actions, and supporting multiple business lines. A dedicated business‑line table keyed by prod_id was introduced to isolate data per line, and the user, role, and permission tables were designed with composite keys that include prod_id (e.g., prod_id + user_type + login_id for users). The practical consequence is that every lookup in the chain (user to role to permission) must be scoped by prod_id, so an account or role defined in one business line cannot be resolved against another line’s permissions.

Permissions are stored in a tree‑structured table that mirrors the front‑end page hierarchy, enabling fine‑grained control over menus, pages, functional groups, and individual buttons. ER diagrams illustrate the relationships among business‑line, user, role, and permission entities.
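The schema and resolution logic described in the two paragraphs above, as an added example that is not DuoliXiong’s own code. Table and column names (prod, app_user, role, perm, user_role, role_perm, parent_id, perm_type) and the sample rows are assumptions modelled on the article’s description; the two business lines deliberately share a login_id to show that the composite key keeps them apart.

```python
"""Flat RBAC with per-business-line isolation and a tree-structured permission table.

Added example (not the DuoliXiong code base). Table/column names and the
seed data are assumptions; SQLite is used so the example runs offline.
"""
import sqlite3

SCHEMA = """
CREATE TABLE prod (prod_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
-- composite key: the same login_id may exist in several business lines
CREATE TABLE app_user (
  prod_id INTEGER NOT NULL, user_type TEXT NOT NULL, login_id TEXT NOT NULL,
  PRIMARY KEY (prod_id, user_type, login_id),
  FOREIGN KEY (prod_id) REFERENCES prod(prod_id));
CREATE TABLE role (
  role_id INTEGER PRIMARY KEY, prod_id INTEGER NOT NULL, name TEXT NOT NULL,
  UNIQUE (prod_id, name));
-- one row per menu / page / functional group / button; parent_id forms the tree
CREATE TABLE perm (
  perm_id INTEGER PRIMARY KEY, prod_id INTEGER NOT NULL,
  parent_id INTEGER, perm_type TEXT NOT NULL, name TEXT NOT NULL);
CREATE TABLE user_role (
  prod_id INTEGER, user_type TEXT, login_id TEXT, role_id INTEGER,
  PRIMARY KEY (prod_id, user_type, login_id, role_id));
CREATE TABLE role_perm (role_id INTEGER, perm_id INTEGER, PRIMARY KEY (role_id, perm_id));
"""

# Constructed sample data: two business lines (merchant platform, operation
# platform) that happen to share the login_id 'alice'.
SEED = """
INSERT INTO prod VALUES (1, 'merchant platform'), (2, 'operation platform');
INSERT INTO app_user VALUES (1,'staff','alice'), (1,'staff','bob'), (2,'staff','alice');
INSERT INTO role VALUES (10,1,'ops'), (11,1,'analyst'), (20,2,'reviewer');
INSERT INTO perm VALUES
  (1,1,NULL,'menu','Orders'), (2,1,1,'page','Order list'),
  (3,1,2,'button','Refund'), (4,1,2,'button','Export'),
  (5,1,NULL,'menu','Settings'),
  (6,2,NULL,'menu','Review');
INSERT INTO role_perm VALUES (10,1),(10,2),(10,3), (11,1),(11,2),(11,4), (20,6);
INSERT INTO user_role VALUES (1,'staff','alice',10), (1,'staff','bob',11), (2,'staff','alice',20);
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SEED)
    return conn


def granted_perm_ids(conn, prod_id, user_type, login_id):
    """Permission ids reachable via user -> role -> permission.

    prod_id is re-checked on every hop (role.prod_id and perm.prod_id), so a
    mis-entered cross-line role_perm row cannot leak another line's permissions.
    """
    rows = conn.execute(
        """SELECT p.perm_id FROM user_role ur
           JOIN role r ON r.role_id = ur.role_id AND r.prod_id = ur.prod_id
           JOIN role_perm rp ON rp.role_id = r.role_id
           JOIN perm p ON p.perm_id = rp.perm_id AND p.prod_id = ur.prod_id
           WHERE ur.prod_id = ? AND ur.user_type = ? AND ur.login_id = ?""",
        (prod_id, user_type, login_id)).fetchall()
    return {r[0] for r in rows}


def permission_tree(conn, prod_id, user_type, login_id):
    """Nested dict {name: {child: ...}} of the menus, pages, groups and buttons
    the user may see. A node is included only when every ancestor is also
    granted, so a granted button never renders under a hidden page."""
    granted = granted_perm_ids(conn, prod_id, user_type, login_id)
    children = {}
    for perm_id, parent_id, name in conn.execute(
            "SELECT perm_id, parent_id, name FROM perm WHERE prod_id = ? ORDER BY perm_id",
            (prod_id,)):
        children.setdefault(parent_id, []).append((perm_id, name))

    def walk(parent_id):
        return {name: walk(pid) for pid, name in children.get(parent_id, []) if pid in granted}

    return walk(None)


def is_allowed(conn, prod_id, user_type, login_id, perm_name):
    """Server-side enforcement for one named permission: the node and its whole
    path to the root must be granted. Names are resolved inside prod_id only."""
    granted = granted_perm_ids(conn, prod_id, user_type, login_id)
    parent_of = dict(conn.execute("SELECT perm_id, parent_id FROM perm WHERE prod_id = ?", (prod_id,)))
    by_name = {name: pid for pid, name in conn.execute(
        "SELECT perm_id, name FROM perm WHERE prod_id = ?", (prod_id,))}
    if perm_name not in by_name:
        return False
    node = by_name[perm_name]
    while node is not None:
        if node not in granted:
            return False
        node = parent_of[node]
    return True


if __name__ == "__main__":
    db = build_db()
    print(permission_tree(db, 1, "staff", "alice"))   # merchant-platform alice
    print(permission_tree(db, 2, "staff", "alice"))   # operation-platform alice
    print(is_allowed(db, 1, "staff", "alice", "Refund"), is_allowed(db, 1, "staff", "bob", "Refund"))
```

The tree drives the front end (which menus and buttons to render); is_allowed is the check the API must repeat on every request, because hiding a button is not access control.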

Beyond functional permissions, the article discusses data permissions (row‑level, which rows a user may see, and column‑level, which fields of those rows) and proposes binding data‑rule definitions to roles, so that users holding different roles receive distinct data access policies through the same role assignment mechanism.
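The role-bound data rules described above, as an added example that is not DuoliXiong’s own code. The rule shape (a DataRule with a row filter and a column allow‑list), the sample roles and order records, and the merge policy for a user who holds several roles are all assumptions. The merge policy is the part worth getting right: a row is visible if any of the user’s roles admits it, but the columns shown on that row come only from the roles whose row filter actually matched it. Taking the union of rows and, separately, the union of columns would let a finance role’s unrestricted row scope combine with a support role’s phone column and expose every customer’s phone number.

```python
"""Data permissions bound to roles: row-level filters and column-level masks.

Added example (not the DuoliXiong code base). Rule shape, sample roles,
sample records and the per-row merge policy are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataRule:
    row_filter: dict      # {field: set of allowed values}; all fields must match; {} = every row
    columns: frozenset    # columns this role may see on rows it admits


# Constructed role -> data rule binding (assumed names).
ROLE_RULES = {
    "city_manager_bj": DataRule({"city": {"Beijing"}},
                                frozenset({"order_id", "city", "merchant", "amount", "customer_phone"})),
    "finance": DataRule({}, frozenset({"order_id", "city", "amount"})),
    "support": DataRule({"status": {"refund_pending"}},
                        frozenset({"order_id", "merchant", "status", "customer_phone"})),
}

# Constructed sample records.
ORDERS = [
    {"order_id": 1, "city": "Beijing", "merchant": "Hotpot A", "amount": 120,
     "status": "paid", "customer_phone": "138****0001"},
    {"order_id": 2, "city": "Shanghai", "merchant": "Cinema B", "amount": 60,
     "status": "refund_pending", "customer_phone": "139****0002"},
    {"order_id": 3, "city": "Beijing", "merchant": "Spa C", "amount": 300,
     "status": "refund_pending", "customer_phone": "137****0003"},
]


def row_matches(rule, record):
    """Row-level check: every filtered field must hold one of the allowed values."""
    return all(record.get(field) in allowed for field, allowed in rule.row_filter.items())


def apply_data_rules(records, user_roles, role_rules=ROLE_RULES):
    """Filter rows and mask columns for a user holding user_roles.

    Columns are unioned per row, only across the roles that admit that row,
    so one role's wide row scope cannot widen another role's column scope.
    """
    visible = []
    for rec in records:
        cols = set()
        for role in user_roles:
            rule = role_rules[role]
            if row_matches(rule, rec):
                cols |= rule.columns
        if cols:
            visible.append({k: v for k, v in rec.items() if k in cols})
    return visible


def where_clause(rule):
    """Compile a rule's row filter to a parameterised SQL predicate so the
    database does the row filtering; values are bound, never interpolated."""
    if not rule.row_filter:
        return "1=1", []
    parts, params = [], []
    for field, allowed in sorted(rule.row_filter.items()):
        values = sorted(allowed)
        parts.append(f"{field} IN ({', '.join('?' for _ in values)})")
        params.extend(values)
    return " AND ".join(parts), params


def where_for_roles(user_roles, role_rules=ROLE_RULES):
    """OR together the row predicates of all of a user's roles."""
    clauses, params = [], []
    for role in user_roles:
        sql, p = where_clause(role_rules[role])
        clauses.append(f"({sql})")
        params.extend(p)
    return " OR ".join(clauses) if clauses else "1=0", params


if __name__ == "__main__":
    for row in apply_data_rules(ORDERS, ["finance", "support"]):
        print(row)
    print(where_for_roles(["city_manager_bj", "support"]))
```

where_for_roles gives the row half of the policy as a WHERE fragment for the actual query; the column half still has to be applied in application code (or by selecting only the permitted columns), as apply_data_rules does on the result set.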

Overall, the designed RBAC system now powers DuoliXiong’s merchant‑facing (B‑end) and operations‑facing (O‑end) platforms and is being extended to additional services, demonstrating a scalable, secure permission management solution for complex, multi‑tenant business ecosystems.

Tags: Microservices, access control, Business Architecture, RBAC, Permission System, Data Permissions
Written by Architecture Digest

Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.
