Permission Access Control Based On SaaS Multi-tenant Model

The SaaS service model in the cloud computing mode provides high-efficiency and low-cost convenient services for the majority of enterprise users.With the further expansion of the application scope,it has become a trend in the future development of software services.SaaS services usually adopt the data unified storage method and have a large number of service users.These features make SaaS services need to provide users with safe and effective access control methods.This paper mainly studies the common multi-tenant access control model under the SaaS service model,and based on this,it presents an access control model that is more suitable for SaaS multi-tenant domain security mutual access.First,this paper studies the IRBAC2000 model for multi-tenant domain access and analyzes the advantages and disadvantages of this model in SaaS multi-tenant domain access control.Based on this model,a multi-tenant domain security access control model is designed based on the role hierarchy in the model.The use of role hierarchy in the improved model and the conflict detection elimination algorithm presented in the paper enable the role to establish mapping relationships with other roles in the tenant domain across domains.The traditional role-based access control model applied to the SaaS model can also be used to facilitate the introduction of improved models.So as to realize the expansion of the secure access control mode from single domain to multiple domains.Secondly,the paper analyzes the constraints in the traditional RBAC model,which may lead to the security problems in cross domain access,and then the role group extended access control model is introduced into the RBAC model.In the model,the role set is divided into several role groups according to the security requirement,and the corresponding constraints are granted to the role group.The composition of the role group can be decided by the tenant himself,which makes the constraint mode more flexible after the role group is introduced.At the same time,due to the introduction of role groups,the tenant administrators have greatly reduced the constraint process.Finally,a prototype system for improving the access control model is designed and implemented and verified.The experimental results verify that the improved model can effectively ensure the secure access control of users in single tenant domain and multi-tenant domain environment in SaaS multi-tenancy mode.demand.By improving the RBAC model,this paper implements secure access between multi-tenant domains in the SaaS model.The introduction of the RBAC extension model of role groups provides a more flexible and secure constraint method in a multi-domain environment.