Code Room
System design · Hard · sd-g483
Subject: Authorization at scale
Level: Senior–Staff
Time: ~50 min
Common in: Security · Databases & SQL interviews
Industries: Technology, Software development

Question

Design the consistency guarantees for a distributed, heavily-cached authorization service where the dangerous bug is the 'new enemy' problem: Alice removes Bob's access to a document AND simultaneously adds sensitive content, but because permission checks are cached/replicated with lag, a stale check still says Bob can read — so Bob sees content he was just locked out of. The service answers ~2M checks/sec from caches and replicas across regions. Design how you prevent stale-permission leaks WITHOUT making every check a strongly-consistent cross-region read (which would blow latency). Discuss consistency tokens, causal ordering, and where you accept staleness vs where you must not.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
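
As an added illustration, not part of the original question page: a minimal Python model of a consistency token (a revision number returned by the ACL write and stored with the content version), showing the stale replica read and the token-gated read for the Alice/Bob scenario. The class names, the `at_least` parameter and the single global revision counter are assumptions of this sketch.

```python
# Added sketch: Primary, Replica, check() and at_least are illustrative names only.
from dataclasses import dataclass, field


@dataclass
class Primary:
    """Authoritative ACL store; every write bumps a global revision."""
    revision: int = 0
    log: list = field(default_factory=list)  # entries: (revision, doc, user, allowed)

    def write_acl(self, doc, user, allowed):
        self.revision += 1
        self.log.append((self.revision, doc, user, allowed))
        return self.revision  # consistency token for this write

    def snapshot(self, upto):
        # ACL state as of revision `upto` (later writes are invisible).
        acl = {}
        for rev, doc, user, allowed in self.log:
            if rev <= upto:
                acl[(doc, user)] = allowed
        return acl


@dataclass
class Replica:
    """Regional replica/cache that has applied the log only up to `applied`."""
    primary: Primary
    applied: int = 0

    def catch_up(self):
        self.applied = self.primary.revision

    def check(self, doc, user, at_least=0):
        # Serve locally only if this replica is at least as fresh as the token;
        # otherwise pay for one authoritative read (the slow path).
        if self.applied >= at_least:
            view, source = self.primary.snapshot(self.applied), "replica"
        else:
            view, source = self.primary.snapshot(self.primary.revision), "primary"
        return view.get((doc, user), False), source


def new_enemy_scenario():
    primary = Primary()
    primary.write_acl("doc1", "bob", True)
    replica = Replica(primary)
    replica.catch_up()                                # replica has Bob's grant
    token = primary.write_acl("doc1", "bob", False)   # Alice revokes Bob
    # Alice's content save stores `token` with the new sensitive version.
    stale = replica.check("doc1", "bob")              # no token: lagging answer
    safe = replica.check("doc1", "bob", at_least=token)
    return stale, safe
```

Checks that carry no token, or a token the replica has already reached, stay on the fast path; only reads of content newer than the replica's applied revision take the authoritative read.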
