Code Room
System design | Medium | sd-g235
Subject: RBAC, ABAC | Level: Mid–Senior | ~35 min | Common in: Distributed systems interviews | Industries: Technology, Software development

Question

Design the RBAC model for an enterprise IT/HR platform where 200K employees across a deep org hierarchy need access scoped by department, location, and job function, managers can delegate a subset of their permissions to reports, and auditors must answer 'who can approve a $1M purchase order and why?' The naive 'one role per unique permission set' approach explodes into tens of thousands of roles. Walk through the model, how you avoid role explosion, how delegation works without privilege escalation, and how you make access auditable.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
