diff --git a/internal/proxy/privilege_interceptor.go b/internal/proxy/privilege_interceptor.go
index a813943e09..7c7ff09cc7 100644
--- a/internal/proxy/privilege_interceptor.go
+++ b/internal/proxy/privilege_interceptor.go
@@ -40,12 +40,14 @@ m = r.sub == p.sub && globMatch(r.obj, p.obj) && globMatch(r.act, p.act) || r.su
 `
 )
 
+var templateModel = getPolicyModel(ModelStr)
+
 func getPolicyModel(modelString string) model.Model {
- model, err := model.NewModelFromString(modelString)
+ m, err := model.NewModelFromString(modelString)
  if err != nil {
  log.Panic("NewModelFromString fail", zap.String("model", ModelStr), zap.Error(err))
  }
- return model
+ return m
 }
 
 // UnaryServerInterceptor returns a new unary server interceptors that performs per-request privilege access.
@@ -103,7 +105,8 @@ func PrivilegeInterceptor(ctx context.Context, req interface{}) (context.Context
  policy := fmt.Sprintf("[%s]", policyInfo)
  b := []byte(policy)
  a := jsonadapter.NewAdapter(&b)
- casbinModel := getPolicyModel(ModelStr)
+ // the `templateModel` object isn't safe in the concurrent situation
+ casbinModel := templateModel.Copy()
  e, err := casbin.NewEnforcer(casbinModel, a)
  if err != nil {
  log.Error("NewEnforcer fail", zap.String("policy", policy), zap.Error(err))
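Review bot: `templateModel` is a package-level `model.Model` that every request now copies from, but nothing documents that it must stay read-only; casbin's `Model` is a map type, so a single definition or policy write on the template would silently change the authorization model for every later request. Add a doc comment such as `// templateModel is the parsed privilege model shared by all requests. It must never be mutated; callers take templateModel.Copy() before building an enforcer.` Separately, the panic inside getPolicyModel still logs the global `ModelStr` rather than the `modelString` it actually parsed; `zap.String("model", modelString)` would report the real input if the function is ever called with anything else. The rename from `model` to `m` is a good fix, since the old local shadowed the imported `model` package.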
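Review bot: The new comment on the `templateModel.Copy()` line says only that the template "isn't safe in the concurrent situation" without saying why; the reason, as far as I can tell, is that `casbin.NewEnforcer` loads the adapter's policy into the model it is handed, so a shared model would have concurrent requests reading and writing the same policy maps. A more useful comment would be `// NewEnforcer writes the per-request policy into the model it receives; copy the shared template so concurrent requests never share mutable casbin state.` Whether `Model.Copy()` deep-copies everything the enforcer later mutates (policy slices, role manager) depends on the casbin version pinned in go.mod and is worth confirming, because a shallow copy would reintroduce the race this change is meant to remove. PrivilegeInterceptor's body starts and ends outside the hunk.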