Code Room
System designHardsd-g628
Subject Privileged access securityLevel Senior–Staff~50 minCommon in Security · Distributed systems interviewsIndustries Technology

Question

Design a privileged-access-management system that brokers human and automated access to production infrastructure (servers, databases, cloud consoles) for a company of 5,000 engineers. There should be no standing admin access — every privileged session is granted just-in-time, time-boxed, approved, and fully recorded, so a stolen engineer laptop or leaked credential grants nothing durable. It must broker ~2,000 concurrent sessions, add minimal friction to legitimate access, and make every privileged action attributable and revocable mid-session. Cover the access-request flow, credential brokering, session recording, and the security-vs-friction trade-off.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.