Code Room
System design | Hard | sd-g242
Subject: Authorization at scale
Level: Senior–Staff
Time: ~50 min
Common in: Security interviews
Industries: Technology, Software development

Question

Design an authorization-as-a-service platform that other product teams in your company integrate to externalize authz out of their app code: teams define their own resource types and permission models, end-customers configure their own roles and sharing, and a single check API answers 'can subject S do action A on resource R?' for dozens of internal products with wildly different models (some RBAC, some ownership/sharing, some hierarchical). Total ~2M checks/sec. Walk through the schema/policy abstraction you'd expose, how you store each product's relationships/policies in one engine, and the trade-off between a flexible policy DSL and predictable performance.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
