Question
You run a Zanzibar-style fine-grained authorization service, but the new requirement is the reverse query: not 'can user U see doc D?' (a check) but 'list all docs U can see' and 'list all users who can see D' (the expansion / reverse-index problem) over ~5B relationship tuples with deep group nesting. A naive expansion of a single 'list my documents' for a power user touching 200 groups can fan out to millions of tuples and time out. Design how you answer these list/expand queries efficiently. Discuss the index you maintain, how you bound the fan-out of nested-group expansion, the staleness you accept, and how you keep 'list' results consistent with point checks.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.