Code Room
System design | Hard | sd-g469
Subject: RBAC / ABAC | Level: Senior–Staff | ~50 min | Common in: Distributed systems interviews | Industries: Technology, Software development

Question

Design authorization for a data-query platform where ABAC policies must filter ROWS, not just allow/deny a whole request: a query 'SELECT * FROM orders' should transparently return only the rows a user is allowed to see based on attributes (region, classification, ownership) — across billions of rows, where calling a policy engine per row is impossible. The policies are admin-authored and change without redeploy. Discuss how you push authorization down into the query, the partial-evaluation idea that turns a policy into a predicate, how you handle policy changes mid-flight, and where caching is safe.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
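
The partial-evaluation step named in the question, sketched as an added example that is not part of the original page: user attributes are known at request time, so every user-only condition is decided immediately and only row-dependent conditions survive as a parameterized WHERE clause. The tuple-based policy shape, the column and attribute names, and the `?` bind-parameter style are assumptions made for illustration.

```python
# Added illustration. Policy nodes (assumed shape): ("and"|"or", *children) or
# ("eq"|"in", left, right); operands: ("user", attr), ("row", col), ("const", v).
ALLOWED_COLUMNS = {"region", "classification", "owner_id"}  # hypothetical schema
POLICY = ("or",
    ("eq", ("user", "role"), ("const", "auditor")),
    ("and", ("in", ("row", "region"), ("user", "regions")),
            ("or", ("eq", ("row", "owner_id"), ("user", "id")),
                   ("in", ("row", "classification"), ("user", "clearances")))))

def _operand(op, user):
    kind, val = op
    if kind == "row" and val not in ALLOWED_COLUMNS:  # names are allowlisted,
        raise ValueError(f"unknown column {val!r}")   # never interpolated blindly
    if kind == "user":                                # absent attribute is marked
        return ("val", user[val]) if val in user else ("missing", None)
    return ("col" if kind == "row" else "val", val)

def partial_eval(node, user):
    """Return True, False, or a residual (sql, params) that mentions only row columns."""
    op = node[0]
    if op in ("and", "or"):
        absorbing = (op == "or")         # True absorbs OR, False absorbs AND
        parts = []
        for child in node[1:]:
            r = partial_eval(child, user)
            if isinstance(r, bool):
                if r == absorbing:
                    return absorbing
                continue                 # identity element contributes nothing
            parts.append(r)
        if not parts:
            return not absorbing
        return (f" {op.upper()} ".join(f"({s})" for s, _ in parts),
                [p for _, ps in parts for p in ps])
    a, b = _operand(node[1], user), _operand(node[2], user)
    if "missing" in (a[0], b[0]):
        return False                     # fail closed on a missing user attribute
    if a[0] == "val" and b[0] == "val":  # decided now, no SQL needed
        return a[1] == b[1] if op == "eq" else a[1] in b[1]
    if a[0] != "col" or b[0] != "val":
        raise ValueError("unsupported operand shape")
    values = [b[1]] if op == "eq" else list(b[1])
    if not values:
        return False                     # empty allow-list matches no row
    return f"{a[1]} IN ({', '.join('?' * len(values))})", values

def where_clause(policy, user):
    r = partial_eval(policy, user)
    return r if not isinstance(r, bool) else ("1 = 1" if r else "1 = 0", [])
```

The residual depends on both the policy and the user's attributes, so anything that caches it has to key on a policy version as well as the attribute values.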
