What is the primary implementation pattern for this skill?

It uses a combination of Java Annotations, Spring AOP, and MyBatis Interceptors to automatically inject filtering logic directly into SQL queries at runtime.

Can I use this for multi-tenant applications?

Yes, the skill provides patterns for department and custom ID-based isolation, which are foundational for multi-tenant data security architectures.

Does this require modifying existing business logic?

No, the design principle is 'business transparency'. The interceptor handles SQL modification, so your business code remains focused on logic rather than filtering.

How do I handle administrators who need to see all data?

The guide includes patterns for designated permission identifiers and utility methods that allow the system to skip filters for super-admin roles or specific global tasks.

Data Permission Architect

Name: Data Permission Architect
Author: xu-cell

byxu-cell

•

セキュリティとテスト

Implements secure row-level data isolation using AOP and MyBatis interceptor patterns for Java applications.

This skill provides a comprehensive blueprint for designing and implementing row-level data permissions within Java-based backend systems. It leverages the AOP + MyBatis interceptor pattern to decouple security logic from business code, supporting granular isolation levels such as department-based, individual-only, and custom role-based access. Whether you are building a new enterprise application or retrofitting security into an existing system, this skill offers production-ready implementation patterns, SQL schema requirements, and best practices for multi-tenant and role-sensitive data environments.

主な機能

01Fail-safe security defaults to prevent accidental data leaks

02Comprehensive troubleshooting guide for common SQL injection issues

03Transparent data isolation via MyBatis SQL interceptors

0411 GitHub stars

05Declarative permission configuration using custom Java annotations

06Support for hierarchical department and individual access levels

ユースケース

01Adding department-level data filtering to an existing ERP or CRM system

02Restricting sensitive record access to specific creators or owners

03Designing a scalable multi-tenant architecture for enterprise SaaS applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xu-cell/ai-engineering-init data-permission

For use in Claude.ai and ChatGPT

Download Skill