Code Room
System design | Hard | sd-g226
Subject: RBAC/ABAC
Level: Senior–Staff
Time: ~45 min
Common in: Distributed systems interviews
Industries: Technology, Software development

Question

Design a policy decision engine for a cloud platform that must evaluate fine-grained ABAC policies (deny-by-default, attributes like resource tags, requester role, time of day, source IP, MFA state) on every API call — 1M authorization decisions/sec, p99 budget of 1ms, and policy changes must take effect within seconds across the fleet. Walk through where evaluation happens (central PDP vs distributed PEP), how policies and the data they need are distributed, how you keep decisions fast and correct, and the trade-off between centralized auditability and edge latency.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
