Code Room
System designHardsd-g464
Subject Authorization at scaleLevel Senior–Staff~55 minCommon in Security · Databases & SQL interviewsIndustries Technology, Software development

Question

You run a Zanzibar-style fine-grained authorization service, but the new requirement is the reverse query: not 'can user U see doc D?' (a check) but 'list all docs U can see' and 'list all users who can see D' (the expansion / reverse-index problem) over ~5B relationship tuples with deep group nesting. A naive expansion of a single 'list my documents' for a power user touching 200 groups can fan out to millions of tuples and time out. Design how you answer these list/expand queries efficiently. Discuss the index you maintain, how you bound the fan-out of nested-group expansion, the staleness you accept, and how you keep 'list' results consistent with point checks.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.