Design and Architecture of Meituan's Data Security Permission Platform

In the era of big data, data has become a core competitive asset for companies. Meituan's data security platform was built to provide fine‑grained permission control for data analysis, data services, and data governance products.

Background : Frequent data security incidents have highlighted the need for robust internal data protection. Traditional permission models (ACL, RBAC) only support function‑level control and cannot express the complex relationships of data‑centric products such as reports, dimensions, and metrics.

Meituan designed a new permission model that supports both functional and data‑level control, with three subsystems—approval, permission, and audit—to form a complete security loop.

Traditional Models : ACL links users directly to resources; RBAC links users to roles, and roles to resources. Both models struggle with hierarchical resource relationships and role inheritance required by data products.

New Permission Model : Resources are organized in a tree structure (e.g., report → tabs → components → dimensions/metrics). Roles can inherit from parent roles, allowing a user in a lower‑level role to automatically acquire permissions from higher‑level roles.

The model consists of three parts:

User Center – user and role management, supporting personal, organizational, and custom roles with multi‑level inheritance.

Resource Center – customizable resource types, multi‑level tree representation, resource packaging, and security classification.

Permission Center – expressive policies including range policies, expression policies, automatic permission merging, and black‑white list handling.

Challenges : Scaling the platform across many business lines, providing a generic yet extensible solution, and ensuring high QPS availability.

Solution Overview :

Plug‑in service layer that allows business‑line‑specific extensions on top of a common permission core.

A generic data security platform covering basic permission, approval, and audit functions.

Micro‑service architecture with core and non‑core service separation, data caching, and graceful degradation to guarantee high availability.

Plugin Service Layer : Plugins call the common services via RPC, enabling independent deployment and custom logic while reusing user, resource, and authorization services.

Core Services include User Service (user/department sync, role management), Resource Service (registration, synchronization, classification), Grant Service (self‑service permission granting), and Auth Service (SDK for authorization checks).

Approval System provides reusable multi‑level approval templates, reducing integration steps from six to a single template selection and callback implementation.

Audit System collects client logs, stores audit records in Elasticsearch, and integrates with visualization tools for reporting.

High Availability Measures :

Micro‑service decomposition with front‑end gateway, load balancing, and independent deployment.

Read/write splitting using Meituan's Zebra middleware, Redis caching with fallback to MySQL, and Elasticsearch for historical data.

Message queues, distributed task scheduling (Crane), thread pools, and distributed locks to ensure consistency and responsiveness.

Future Outlook : The platform will continue to expose plug‑in development standards, allowing each business line to implement custom permission controls while maintaining a unified security foundation.