Code Room
Coding | Medium | cod-g1110
Subject: Access control | Level: Mid–Senior | ~20 min | Common in Security interviews | Industries: Software development, IT services

Question

Resolve an access decision from a list of ACL rules. Each rule is [effect, principal, action] where effect is 'allow' or 'deny'. A rule matches the request (user, action) if its principal equals the user or '*', and its action equals the action or '*'. Deny takes precedence over allow: if any matching rule denies, the result is 'deny'. Otherwise if any matching rule allows, the result is 'allow'. If no rule matches, the result is 'deny' (default-deny). Return the decision string.

Implement

resolve_acl(rules: list[list[str]], user: str, action: str) → str

Examples

in: [[["allow","alice","read"],["deny","*","read"]],"alice","read"]
out: "deny"

What a strong answer looks like

State your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.
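
One way to implement the rule set described in the question, as an added example that is not part of the original page: a single pass in O(n) time and O(1) extra space that returns on the first matching deny. The up-front validation and the helper names `_validate` and `_matches` are assumptions; the problem statement does not say how malformed rules should be treated.

```python
WILDCARD = "*"
EFFECTS = ("allow", "deny")


def _validate(rules):
    # Assumption (not in the problem statement): reject malformed rules before
    # evaluating, so a mistyped effect such as "Deny" cannot silently fail to
    # match and let an allow rule win.
    for i, rule in enumerate(rules):
        if len(rule) != 3 or rule[0] not in EFFECTS:
            raise ValueError(f"rule {i} is malformed: {rule!r}")


def _matches(rule, user, action):
    # A rule matches when each field equals the request value or the wildcard.
    _, principal, rule_action = rule
    return principal in (user, WILDCARD) and rule_action in (action, WILDCARD)


def resolve_acl(rules, user, action):
    _validate(rules)
    allowed = False
    for rule in rules:
        if not _matches(rule, user, action):
            continue
        if rule[0] == "deny":
            # Deny overrides allow regardless of rule order, so stop here.
            return "deny"
        allowed = True
    # No matching deny: allow only if some rule matched, otherwise default-deny.
    return "allow" if allowed else "deny"


if __name__ == "__main__":
    # Constructed sample rules, not from the page.
    sample = [["deny", "bob", "*"], ["allow", "*", "read"], ["allow", "*", "read"]]
    for user, action in [("alice", "read"), ("bob", "read"), ("alice", "write")]:
        print(user, action, resolve_acl(sample, user, action))
```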
