
Research On Multi-Tenant Access Control For SAAS Applications

Posted on: 2014-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: J C Li
Full Text: PDF
GTID: 2248330398459203
Subject: Computer software and theory

Abstract/Summary:
With the development and popularization of network technology, application software is gradually maturing, and more and more enterprises are trying to build their own information systems. The information management needs of small and medium-sized enterprises have a great deal in common. If each company independently developed its own system, there would be a great deal of repetitive work, wasting manpower, material and financial resources. This is where the SaaS model emerges. SaaS, software as a service, provides software as a service over the Internet. Enterprises do not need to purchase hardware and software; they can build their own business platform through online leasing, and can also customize applications according to their own requirements.

The SaaS model has the typical characteristic of "single instance, multi-tenant, tenant self-customization". To meet the personalized needs of tenants, the configurability of a SaaS application is reflected in pages, data, processes, access control, and so on. To meet the requirements of data customization, the way data is stored changes; examples are a base table combined with an extension table, and the sparse table. This paper discusses the access control model for the SaaS mode based on the sparse table. The changes in data storage, together with the multi-tenancy and customizability of SaaS, give traditional access control the following shortcomings and challenges in SaaS:

(1) The two traditional methods, enforcement at the application level and enforcement at the database level, are inappropriate for SaaS applications. Firstly, during application development, ISVs do not have direct access to custom columns or custom access control information. Even though this can be implemented by creating and following development standards, it is neither flexible nor scalable. Secondly, data storage changes in SaaS. Taking the sparse table as an example, one sparse table stores all the business data of all tables of one application. The same column in one sparse table may have different meanings, which makes it difficult to define ACLs or authorization views directly on business data. Therefore, enforcement at the database level is not appropriate.

(2) There is no concept of tenant in traditional applications. Therefore, tenant isolation and cross-tenant access are new demands for fine-grained access control in SaaS. Tenant access isolation is the basic guarantee for the normal operation of a SaaS application: tenants are only allowed to see their own access control data, which covers both isolation of access control information and isolation of information. Data access across tenants is an important requirement in SaaS; it makes it possible for one tenant's user to access another tenant's data under authorization.

(3) Enforcing access control by implicitly modifying SQL, adding predicates to it, may change the meaning of the original query, return wrong results and mislead users.

To solve the issues and challenges presented above, the paper analyses multi-tenant features and proposes a SaaS application access control architecture, a multi-tenant access configuration model and a multi-tenant access control mechanism. The main work and achievements of the paper include:

(1) An access control architecture in the SaaS application delivery platform is proposed. The application business data and the access control data are stored in the SaaS application delivery platform, and the data access requests submitted by the user's operating system are judged in the SaaS application delivery platform.

(2) A multi-tenant access control configuration model is proposed. The configuration model is composed of users, roles, data objects and access policies. We identify the different parties in SaaS and specify the relationships among them. The model solves the problems of access isolation among tenants and data access across tenants.

(3) An access control enforcement method is proposed. The enforcement method checks the validity of the SQL by testing whether the accessed data lies within the user's accessible scope. If it is valid, the SQL is executed after being rewritten based on metadata; otherwise it is rejected. The solution makes sure that all executed SQL is valid and the returned results are correct.

In this paper, addressing the shortcomings and challenges of traditional methods for SaaS-oriented access control, we propose a multi-tenant access control mechanism for SaaS. The paper proposes the multi-tenant access control configuration model to solve the two problems of access isolation and cross-tenant access, and implements the access control approach by checking the validity of the SQL efficiently.
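As an added illustration of the validate-then-rewrite enforcement described above (example code, not code from the thesis), the following Python models one sparse table shared by all tenants, a constructed policy that gives each (tenant, role) pair an accessible scope which may include explicit cross-tenant grants, and an enforcement step that rejects any query outside that scope instead of silently narrowing it with added predicates. The metadata, the policy, the accepted query syntax and the `sparse`, `tenant_id` and `table_name` names are all assumptions made for the example.

```python
import re

# Constructed metadata for one shared sparse table named "sparse":
# (owner_tenant, logical_table, logical_column) -> physical sparse column.
# The same physical column carries a different meaning for another tenant or table.
METADATA = {
    ("t1", "orders", "amount"):   "col1",
    ("t1", "orders", "customer"): "col2",
    ("t2", "orders", "amount"):   "col2",
    ("t2", "invoices", "total"):  "col1",
}

# Constructed policy: (user's tenant, role) -> accessible scope, the set of
# (owner_tenant, table, column) triples that role may read. A triple whose
# owner_tenant differs from the user's tenant is an explicit cross-tenant grant.
POLICY = {
    ("t1", "clerk"):   {("t1", "orders", "amount"), ("t1", "orders", "customer")},
    ("t1", "auditor"): {("t1", "orders", "amount"), ("t1", "orders", "customer"),
                        ("t2", "orders", "amount")},
}

# Logical query shape accepted by this example: SELECT col[, col ...] FROM [tenant.]table
SELECT_RE = re.compile(r"^\s*SELECT\s+(.+?)\s+FROM\s+(?:(\w+)\.)?(\w+)\s*$", re.IGNORECASE)

def enforce(user_tenant, role, sql):
    """Check every referenced column against the caller's accessible scope, then
    rewrite the logical query onto the sparse table. Returns (sql, params) for a
    parameterized execution; raises PermissionError rather than adding predicates."""
    m = SELECT_RE.match(sql)
    if not m:
        raise ValueError("unsupported query shape")
    cols = [c.strip() for c in m.group(1).split(",")]
    owner = m.group(2) or user_tenant      # no prefix means the user's own tenant
    table = m.group(3)
    scope = POLICY.get((user_tenant, role), set())
    for c in cols:
        if (owner, table, c) not in scope:   # one check covers isolation and cross-tenant grants
            raise PermissionError(f"{user_tenant}/{role} may not read {owner}.{table}.{c}")
    # Metadata-based rewrite: logical names become physical columns, and the
    # tenant/table predicates select only that tenant's rows of that logical table.
    select_list = ", ".join(f"{METADATA[(owner, table, c)]} AS {c}" for c in cols)
    return (f"SELECT {select_list} FROM sparse WHERE tenant_id = ? AND table_name = ?",
            (owner, table))

if __name__ == "__main__":
    print(enforce("t1", "clerk", "SELECT amount, customer FROM orders"))
    print(enforce("t1", "auditor", "SELECT amount FROM t2.orders"))
```

The clerk reading `t2.orders` is refused outright, which is the behaviour the abstract argues for in place of a predicate that would quietly return an empty or partial result.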
Keywords/Search Tags: Multi-Tenant, SaaS, Access Control, Security, Policy