Design and Implementation of Baidu's Unified Permission Management Service (MPS)

The article introduces a unified permission management service (MPS) created to solve the chaos of disparate permission systems across many internal platforms and data services within an enterprise.

It begins with a thorough requirement analysis, identifying the need for platform integration, hierarchical permission classification, unified authentication, customizable approval workflows, and secure API design.

The chosen technology stack is Baidu's internal Go Development Platform (GDP), which offers strong infrastructure support, easy configuration, RPC capabilities, and Prometheus‑based monitoring.

Permission modeling combines three classic access‑control approaches: ACL for fine‑grained resource permissions, DAC for owner‑driven rights delegation, and RBAC for role‑based scalability. Business permissions are split into "business" and "management" categories, and both node‑level and permission‑package grants are supported.

Functionally, MPS is divided into four modules: (1) Platform & Node Management – supports multi‑platform onboarding, node definition, and organizational hierarchy; (2) Permission Management – includes historical import, CRUD operations for platform and business permissions, and an authentication service; (3) Application & Authorization – provides online request forms, customizable approval processes, and automatic grant callbacks; (4) Audit & Recycle – offers permission data export, daily operation logs, automated expiration handling, and user status‑based revocation.

Two node‑synchronization strategies are offered: a push model where platforms push a tree‑structured node map via MPS APIs, and a pull model where MPS periodically fetches the node tree from the platform. The push model (Scheme 1) is recommended for its reliability.

Online permission requests follow a unified workflow: users submit applications, designated approvers review and approve, and MPS automatically grants rights or triggers platform callbacks. Both a fully managed approval UI and a custom front‑end integration are supported.

The service includes a generic, parameter‑driven approval process that can be tailored per platform, reducing the need for multiple hard‑coded workflow classes.

Operational metrics show that MPS now serves nearly 40 platforms, manages over 100 000 permission nodes, processes 2 000–3 000 request tickets daily, serves more than 20 000 users, and handles peak API traffic of 1.3 million calls per day with 300 k authentication calls.

Future plans aim to further generalize MPS for broader platform adoption, enabling seamless inter‑tool permission sharing across the enterprise data center.