How to Implement Multi‑Tenant Access Control with PHP‑Casbin in SaaS Platforms

This guide explains the concept of multi‑tenant architecture, compares isolation strategies such as separate databases, shared schemas, and shared databases, and demonstrates how to configure and enforce tenant‑aware RBAC using the PHP‑Casbin framework with example models, policies, and PHP code.

Open Source Tech Hub

What is Multi‑Tenancy?

Multi‑Tenancy is a software architecture and service model where a single software instance serves multiple tenants (companies, organizations, or individuals) while keeping each tenant’s data and configuration isolated, similar to separate rooms in the same building.

Implementation Approaches

Database Isolation: Assign an independent database to each tenant. This gives complete data isolation but increases management cost and complexity.

Schema Isolation: Store all tenants in the same database but isolate them with separate schemas, tables, or tablespaces. Fewer databases to run, but data management and the security mechanisms around it become more complex.

Shared Database and Schema: Keep all tenant data in the same tables and distinguish tenants with a dedicated column. This achieves the highest resource utilization but makes data isolation and security the hardest to get right.

Shared Database

Using a shared database and schema

In this mode, all tenants share a single database server or instance, and their rows live in the same tables. This avoids running one database per tenant and so cuts hardware and maintenance cost, but it also means the application layer is the only thing separating tenants: every query has to be scoped to the caller's tenant.

Database Design

In a multi‑tenant environment the database must keep each tenant's data separate and enforce that separation. Two common designs are:

All tenants share the same tables, and every row carries a tenant_id column that identifies its owner. Isolation then depends entirely on the application: every query must filter on the caller's tenant_id, and a single query that omits the filter exposes other tenants' rows.

Each tenant has its own database with identical table structures, which gives full isolation at the storage layer.

The tenant table below (MySQL) is the table that the tenant_id column of the shared design refers to:

CREATE TABLE `resty_tenant` (
  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(50) COLLATE utf8mb4_unicode_ci NOT NULL,
  `description` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
  `created_time` int(11) unsigned NOT NULL DEFAULT '0',
  `updated_time` int(11) unsigned NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='tenant table';
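The shared database and schema design in working form, as an added example that is not code from the original article. A hypothetical resty_goods table carries a tenant_id column referencing resty_tenant, and the data layer puts that column into every statement. The goods table, its column names, the sample rows, and the session shape are assumptions made for this example; it uses SQLite in memory through PDO so it runs offline (PHP 8.0+ with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Added example, not code from the original article. The resty_goods table,
// its columns, the sample rows and the session layout are assumptions.

final class GoodsRepository
{
    public function __construct(private PDO $db)
    {
    }

    // Reads take the tenant id as a separate argument and put it in the
    // WHERE clause. A SKU is only unique within a tenant, so it is never a
    // sufficient key on its own.
    public function findBySku(int $tenantId, string $sku): ?array
    {
        $stmt = $this->db->prepare(
            'SELECT id, tenant_id, sku, name FROM resty_goods WHERE tenant_id = :t AND sku = :s'
        );
        $stmt->execute([':t' => $tenantId, ':s' => $sku]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    // Writes are scoped the same way. rowCount() tells the caller whether the
    // record existed in this tenant; a miss is reported as "not found" rather
    // than silently touching another tenant's row.
    public function rename(int $tenantId, string $sku, string $newName): bool
    {
        $stmt = $this->db->prepare(
            'UPDATE resty_goods SET name = :n WHERE tenant_id = :t AND sku = :s'
        );
        $stmt->execute([':n' => $newName, ':t' => $tenantId, ':s' => $sku]);
        return $stmt->rowCount() === 1;
    }

    // The anti-pattern: keyed on the client-supplied SKU alone, so it returns
    // rows from every tenant that uses that SKU.
    public function findBySkuUnscoped(string $sku): array
    {
        $stmt = $this->db->prepare('SELECT tenant_id, sku, name FROM resty_goods WHERE sku = :s');
        $stmt->execute([':s' => $sku]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed in-memory schema: the article's tenant table reduced to the
// columns this example needs, plus the hypothetical goods table. The
// UNIQUE (tenant_id, sku) constraint lets two tenants reuse the same SKU.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('PRAGMA foreign_keys = ON');
$db->exec('CREATE TABLE resty_tenant (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');
$db->exec('CREATE TABLE resty_goods (
    id INTEGER PRIMARY KEY,
    tenant_id INTEGER NOT NULL REFERENCES resty_tenant(id),
    sku TEXT NOT NULL,
    name TEXT NOT NULL,
    UNIQUE (tenant_id, sku)
)');
$db->exec("INSERT INTO resty_tenant (id, name) VALUES (1, 'tenant1'), (2, 'tenant2')");
$db->exec("INSERT INTO resty_goods (tenant_id, sku, name) VALUES
    (1, 'SKU-1', 'tenant1 widget'),
    (2, 'SKU-1', 'tenant2 widget')");

// The tenant id is taken from the authenticated session, never from a query
// string or request body the client controls. Constructed session for user1.
$session = ['user' => 'user1', 'tenant_id' => 1];
$tenantId = (int) $session['tenant_id'];
$repo = new GoodsRepository($db);

// The client controls only the SKU; whatever it sends, the row that comes
// back belongs to its own tenant.
$requestedSku = 'SKU-1';
$row = $repo->findBySku($tenantId, $requestedSku);
echo 'scoped lookup: ', $row['name'] ?? '(none)', PHP_EOL;

// The scoped update changes user1's row and leaves tenant2's row intact.
$repo->rename($tenantId, 'SKU-1', 'tenant1 widget v2');
echo 'tenant2 after update: ', $repo->findBySku(2, 'SKU-1')['name'] ?? '(none)', PHP_EOL;

// The unscoped variant leaks: one row per tenant that uses the SKU.
echo 'unscoped lookup rows: ', count($repo->findBySkuUnscoped('SKU-1')), PHP_EOL;
```

The design choice worth copying is that the tenant id is a mandatory parameter of every repository method rather than something a caller may remember to add to a WHERE clause. In a real application the same scoping belongs in an ORM global scope, a database view, or row-level security where the database offers it, so that an unscoped query like findBySkuUnscoped cannot be written by accident.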

Permission Control

PHP‑Casbin is a lightweight open‑source access‑control library for PHP that supports ACL, RBAC, and ABAC models. The access model is not hard‑coded: it is described in a .conf file using Casbin's PERM metamodel (Policy, Effect, Request, Matchers), and the library ships models for both global RBAC and domain‑scoped (tenant‑aware) RBAC.

With the domain model, a role assignment is bound to a specific tenant (domain), so each tenant in a SaaS/PaaS platform can carry its own independent set of roles and policies.

Case Study

Consider a multi‑tenant e‑commerce platform where each merchant is a tenant. Each merchant has its own management team, can assign different roles to team members, and its data is logically isolated while sharing the platform’s resources.

Merchant 1 : Administrator role assigned to User 1 , who can edit, publish, and manage inventory for Product 1 .

Merchant 2 : Administrator role assigned to User 2 , who manages Product 2 with the same set of permissions.

Each merchant’s users and product data are isolated, and each tenant has its own permission control system.

Model Configuration

Model file rbac_with_domains_model.conf:

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act

The added dom parameter identifies the tenant (domain). In [role_definition] the three placeholders stand for user, role, and domain, so a role is granted to a user only within one tenant. The matcher calls g(r.sub, p.sub, r.dom) to ask whether the requesting user holds the policy's role in the requested tenant, and r.dom == p.dom additionally requires the policy line itself to belong to that tenant, so a policy written for one tenant can never authorize a request made in another.

Policy Definition

Policy file rbac_with_domains_policy.csv:

p,admin,tenant1,goods1,read
p,admin,tenant1,goods1,write

p,admin,tenant2,goods2,read
p,admin,tenant2,goods2,write

g,user1,admin,tenant1
g,user2,admin,tenant2

This defines admin permissions for tenant1 (goods1) and tenant2 (goods2), and assigns user1 and user2 the admin role in their respective tenants.

Decision (Enforcement)

Install PHP‑Casbin with Composer:

composer require casbin/casbin

Then instantiate an Enforcer with the model and policy files. The paths are resolved against the script's directory rather than the current working directory, so the enforcer loads the same files no matter where it is started from:

<?php
/**
 * @desc Decision Enforcer
 */
declare(strict_types=1);
require_once __DIR__ . '/vendor/autoload.php';

use Casbin\Enforcer;

$enforcer = new Enforcer(
    __DIR__ . '/rbac_with_domains_model.conf',
    __DIR__ . '/rbac_with_domains_policy.csv'
);

Validate Tenant 1 Permissions

var_dump($enforcer->enforce('user1', 'tenant1', 'goods1', 'read'));  // bool(true)
var_dump($enforcer->enforce('user1', 'tenant1', 'goods1', 'write')); // bool(true)
var_dump($enforcer->enforce('user1', 'tenant2', 'goods2', 'read'));  // bool(false)
var_dump($enforcer->enforce('user1', 'tenant2', 'goods2', 'write')); // bool(false)

Result: User 1 can read and write Goods 1 in Tenant 1 but has no permissions for Tenant 2 .

Validate Tenant 2 Permissions

var_dump($enforcer->enforce('user2', 'tenant1', 'goods1', 'read'));  // bool(false)
var_dump($enforcer->enforce('user2', 'tenant1', 'goods1', 'write')); // bool(false)
var_dump($enforcer->enforce('user2', 'tenant2', 'goods2', 'read'));  // bool(true)
var_dump($enforcer->enforce('user2', 'tenant2', 'goods2', 'write')); // bool(true)

Result: User 2 has read/write access to Goods 2 in Tenant 2 but none in Tenant 1 .
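The checks above all pass the tenant the user honestly belongs to, which is exactly the case where a weakened matcher still looks correct. The added example below, which is not code from the original article, builds two enforcers from the article's model and policy lines: one with the matcher as printed, one with the r.dom == p.dom term removed. The policy is loaded through the management API instead of the CSV file, and buildEnforcer() is a helper written for this example; tenant, role, user and object names are the article's.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original article. buildEnforcer() and the
// request list are constructed for this demonstration.

require_once __DIR__ . '/vendor/autoload.php';

use Casbin\Enforcer;
use Casbin\Model\Model;

// Build an enforcer from the article's model text with the given matcher and
// load the article's policy lines into memory (no adapter, nothing persisted).
function buildEnforcer(string $matcher): Enforcer
{
    $text = <<<CONF
[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = {$matcher}
CONF;

    $model = new Model();
    $model->loadModelFromText($text);
    $e = new Enforcer($model);

    // The same rules as rbac_with_domains_policy.csv.
    $e->addPolicy('admin', 'tenant1', 'goods1', 'read');
    $e->addPolicy('admin', 'tenant1', 'goods1', 'write');
    $e->addPolicy('admin', 'tenant2', 'goods2', 'read');
    $e->addPolicy('admin', 'tenant2', 'goods2', 'write');
    $e->addRoleForUserInDomain('user1', 'admin', 'tenant1');
    $e->addRoleForUserInDomain('user2', 'admin', 'tenant2');

    return $e;
}

// The article's matcher, and the same matcher without the domain equality.
$strict = buildEnforcer('g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act');
$weak   = buildEnforcer('g(r.sub, p.sub, r.dom) && r.obj == p.obj && r.act == p.act');

// Requests to evaluate. The third one is the attack: user1 presents the tenant
// where it really holds admin (tenant1) but names tenant2's object.
$requests = [
    ['user1', 'tenant1', 'goods1', 'read'],  // legitimate
    ['user1', 'tenant2', 'goods2', 'read'],  // honest cross-tenant request
    ['user1', 'tenant1', 'goods2', 'read'],  // role in tenant1, object of tenant2
];

foreach ($requests as [$sub, $dom, $obj, $act]) {
    printf(
        "%s@%s %s/%s  strict=%s  weak=%s\n",
        $sub, $dom, $obj, $act,
        var_export($strict->enforce($sub, $dom, $obj, $act), true),
        var_export($weak->enforce($sub, $dom, $obj, $act), true)
    );
}

// Role bindings are domain-scoped in both models: user1 holds no role in
// tenant2, which is why the honest cross-tenant request is denied even by
// the weak matcher.
printf("user1 roles in tenant2: %s\n", json_encode($strict->getRolesForUserInDomain('user1', 'tenant2')));
```

The first two requests evaluate the same under both matchers, so a test suite built only from them would not notice the missing term. The third request is where they diverge: the weak matcher confirms that user1 is admin in tenant1, then matches obj and act against the tenant2 policy line and allows it, while the article's matcher rejects it because no policy line has dom == tenant1 and obj == goods2. Two operational rules follow. Keep r.dom == p.dom (or a reference to the domain on every object name) in the matcher, and take the dom argument of enforce() from the authenticated session or the tenant resolved from the request host, never from a parameter the client can set.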

Conclusion

Developing enterprise‑grade SaaS cloud services increasingly relies on multi‑tenant designs. Multi‑tenant permission control is a core element that enables shared resources while keeping data isolated, offering high cost efficiency, flexibility, and scalability. The lightweight PHP‑Casbin framework allows rapid implementation of tenant‑aware access control, supporting stable and efficient SaaS platform construction.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: SaaS, multi-tenancy, RBAC, database isolation, PHP-Casbin
Written by

Open Source Tech Hub

Sharing cutting-edge internet technologies and practical AI resources.
