Question
Design a privileged-access-management system that brokers human and automated access to production infrastructure (servers, databases, cloud consoles) for a company of 5,000 engineers. There should be no standing admin access — every privileged session is granted just-in-time, time-boxed, approved, and fully recorded, so a stolen engineer laptop or leaked credential grants nothing durable. It must broker ~2,000 concurrent sessions, add minimal friction to legitimate access, and make every privileged action attributable and revocable mid-session. Cover the access-request flow, credential brokering, session recording, and the security-vs-friction trade-off.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.