Code Room
System designHardsd-g615
Subject Access control rbacLevel Senior–Staff~50 minCommon in Security interviewsIndustries Technology

Question

Design an authorization service that answers 'can user U do action A on resource R?' for a collaboration platform with 100M users and deeply nested resource hierarchies (orgs → teams → folders → documents) plus per-resource sharing. It must serve 1M authorization checks/sec at p99 under 10ms, reflect a permission change (e.g., a revoked share) within ~1s, and never return a false-allow. Discuss the data model, how you evaluate nested/inherited permissions at scale, and the consistency trade-off.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.