Code Room
System design · Hard · sd-g476
Subject: Authorization at scale · Level: Senior–Staff · ~50 min · Common in: Security, Databases & SQL interviews · Industries: Technology, Software development

Question

Design delegated administration for a large enterprise platform: the global admin must be able to carve out scoped sub-admins ('you can manage users and roles, but ONLY within the EMEA org unit and ONLY roles weaker than your own'), recursively, without those sub-admins ever being able to escalate their own privileges or grant something they don't hold. Think 100K+ principals, deep org trees, thousands of delegated grants. Discuss the permission model that makes delegation safe, how you prevent privilege escalation (granting yourself more, or granting a role you lack), and how grant changes propagate consistently.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
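
As an added illustration (not part of the original question page), the two escalation rules in the question can be written as a single check run before any delegated grant is stored. It assumes roles are modelled as permission sets, "weaker" means a proper subset, and each grant carries a `delegable` flag; the org units, role names and principals are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data: org tree as child -> parent, roles as permission sets.
PARENT = {"EMEA": "ROOT", "APAC": "ROOT", "EMEA/DE": "EMEA", "EMEA/FR": "EMEA"}
ROLES = {
    "global_admin": frozenset({"user.read", "user.write", "role.assign", "org.manage"}),
    "user_admin": frozenset({"user.read", "user.write", "role.assign"}),
    "helpdesk": frozenset({"user.read"}),
}

@dataclass(frozen=True)
class Grant:
    principal: str
    role: str
    scope: str               # org unit; covers the unit and all descendants
    delegable: bool = False  # may the holder re-delegate from this grant?

def in_scope(unit, scope):
    """True if `unit` is `scope` itself or sits below it in the org tree."""
    while unit is not None:
        if unit == scope:
            return True
        unit = PARENT.get(unit)
    return False

def check_delegation(grants, actor, new):
    """Decide whether `actor` may issue grant `new`; returns (allowed, reason)."""
    if new.principal == actor:
        return False, "self-grant"              # never widen your own access
    held = [g for g in grants if g.principal == actor and g.delegable]
    if not held:
        return False, "no-delegable-grant"
    covering = [g for g in held if in_scope(new.scope, g.scope)]
    if not covering:
        return False, "out-of-scope"            # target unit outside actor's subtree
    # Proper subset: every permission is held by the actor, and at least one is dropped.
    if any(ROLES[new.role] < ROLES[g.role] for g in covering):
        return True, "ok"
    return False, "role-not-weaker"

GRANTS = [
    Grant("root", "global_admin", "ROOT", delegable=True),
    Grant("alice", "user_admin", "EMEA", delegable=True),
]
if __name__ == "__main__":
    for req in (Grant("bob", "helpdesk", "EMEA/DE"), Grant("bob", "helpdesk", "APAC"),
                Grant("bob", "user_admin", "EMEA"), Grant("alice", "helpdesk", "EMEA")):
        print(req, check_delegation(GRANTS, "alice", req))
```

The sketch covers only the grant-time check; revocation and propagation of grant changes, which the question also asks about, are outside it.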
