Design and Implementation of a Unified Permission Management Service (MPS)
This article details the design and development of a unified permission management service (MPS) that consolidates the RBAC, ACL, and DAC models to address fragmented enterprise permission systems, covering requirement analysis, technical selection, functional modules, deployment, and performance outcomes.
In the era of rapid IT development, many enterprise platforms have fragmented permission systems, leading to inconsistent access control and unclear permission hierarchies.
The Unified Permission Management Service (MPS) was designed to integrate permissions across Baidu's data middle‑platform, combining RBAC, ACL, and DAC models.
Requirement analysis identified needs such as platform integration, hierarchical role definition, unified authentication, approval workflow, and API design.
Technical selection chose Baidu's internal Go Development Platform (GDP) for its infrastructure support, configurability, RPC capabilities, and Prometheus‑based monitoring.
The permission model separates business permissions and management permissions, applying ACL for fine‑grained resource control, DAC for owner‑driven delegation, and RBAC for role‑based scalability.
MPS is divided into four functional modules: Platform & Node Management, Permission Management, Application & Authorization, and Permission Audit & Recovery, each providing features like node synchronization (push/pull), online request and approval, automatic revocation, and audit logging.
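As an added example that is not the article's or Baidu's own code, the following Go sketch (Go because MPS runs on Baidu's Go platform) shows how the three models described above can be combined in one authorization decision: DAC lets a node's owner delegate, ACL entries carry an expiry so that lapsed grants count as automatically revoked, and RBAC roles supply scalable defaults. The Manage action, the node-ID strings, and the struct layout are assumptions made for this example; the management permission is modelled as a role action that allows delegation without conferring business access.

```go
package main
import (
	"errors"
	"time"
)
type Action string
// Manage is the management permission: it allows delegating grants but, unlike
// business actions such as "read", never confers data access by itself.
const Manage Action = "manage"
// Grant is one ACL entry. A zero Expires never expires; an expired grant
// counts as revoked, which is how automatic revocation is modelled here.
type Grant struct {
	Subject string
	Action  Action
	Expires time.Time
}
type MPS struct {
	Owners map[string]string          // node ID -> owner (DAC)
	ACL    map[string][]Grant         // node ID -> explicit grants (ACL)
	Roles  map[string]map[Action]bool // role -> actions it carries (RBAC)
	Users  map[string][]string        // user -> assigned roles
}
func (m *MPS) viaRole(user string, act Action) bool {
	for _, r := range m.Users[user] {
		if m.Roles[r][act] {
			return true
		}
	}
	return false
}
// Delegate applies DAC: only the node's owner, or a holder of Manage, may hand out a grant.
func (m *MPS) Delegate(by, node, to string, act Action, until time.Time) error {
	if owner, ok := m.Owners[node]; !ok || (owner != by && !m.viaRole(by, Manage)) {
		return errors.New(by + " may not delegate on " + node)
	}
	m.ACL[node] = append(m.ACL[node], Grant{to, act, until})
	return nil
}
// Allowed is the unified decision: owner (DAC), then live ACL grant, then role (RBAC).
func (m *MPS) Allowed(user, node string, act Action, now time.Time) bool {
	if owner, ok := m.Owners[node]; !ok || owner == user {
		return ok // unknown nodes are always denied
	}
	for _, g := range m.ACL[node] {
		if g.Subject == user && g.Action == act && (g.Expires.IsZero() || now.Before(g.Expires)) {
			return true
		}
	}
	return m.viaRole(user, act)
}
```

Evaluation order matters: an explicit ACL grant is checked before roles, so a time-limited delegation cannot be outlived by a stale role assignment, and a holder of Manage still gets no data access unless a business grant or role says so.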
Deployment in production serves nearly 40 business platforms, managing over 100 000 permission nodes, handling thousands of daily requests and up to 1.3 million API calls per day, demonstrating the system’s reliability and scalability.
Architect
Professional architect sharing high‑quality architecture insights. Topics include high‑availability, high‑performance, high‑stability architectures, big data, machine learning, Java, system and distributed architecture, AI, and practical large‑scale architecture case studies. Open to ideas‑driven architects who enjoy sharing and learning.