Question
Design a privileged-access-management (PAM) system that controls how engineers and automation reach production infrastructure (databases, servers, cloud consoles) across a company of 10K engineers and 200K hosts. Goals: eliminate standing access (no permanent admin credentials), grant just-in-time time-boxed access with approval, broker and record every privileged session, and rotate/vault all secrets. Threat model: a compromised engineer laptop, a stolen long-lived credential, and a malicious insider with legitimate access. Constraints: access requests resolved in seconds for break-glass, full session audit, and no shared accounts. Cover the access broker, the secret/credential model, session recording, and break-glass.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
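The core of the design the question asks for is the access broker's grant lifecycle: a request that is approved (or auto-approved under break-glass), converted into a credential that is time-boxed and bound to one target and one session, and logged at every transition. The following is an added illustration, not part of the original question or any particular product. It assumes a symmetric HMAC key as a stand-in for the private key of a short-lived-certificate CA (in practice the host would hold only the CA public key and verify an SSH or X.509 certificate), an in-memory request store and audit log, and policy values of a one-hour standard TTL and a fifteen-minute break-glass TTL; all of those are assumptions for the example.

```python
"""Minimal just-in-time access broker: approval, time-boxed credentials, break-glass, audit."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Assumed policy values for the example, not taken from the question.
STANDARD_TTL = 3600        # approved JIT grant lives one hour
BREAK_GLASS_TTL = 900      # break-glass resolves instantly but is short and review-flagged


@dataclass
class AccessRequest:
    request_id: str
    requester: str
    target: str            # host group, database or cloud account the grant is bound to
    role: str
    reason: str
    created_at: float
    break_glass: bool = False
    state: str = "pending"  # pending -> approved -> issued
    approver: Optional[str] = None
    expires_at: Optional[float] = None


class Broker:
    """The only component that can mint a production credential; nothing it mints is long-lived."""

    def __init__(self, ca_key: bytes, clock=time.time):
        self._ca_key = ca_key          # stand-in for the CA signing key (assumption: HMAC, not a cert)
        self._clock = clock            # injectable clock so expiry can be tested deterministically
        self.requests: dict = {}
        self.audit: list = []          # append-only audit trail; in memory for the example

    def _log(self, event: str, req: AccessRequest, **extra) -> None:
        self.audit.append({"ts": self._clock(), "event": event, "request_id": req.request_id,
                           "requester": req.requester, "target": req.target, **extra})

    def request(self, requester: str, target: str, role: str, reason: str,
                break_glass: bool = False) -> AccessRequest:
        if not reason.strip():
            raise ValueError("a reason is mandatory; it is what the post-hoc reviewer audits")
        req = AccessRequest(secrets.token_hex(8), requester, target, role, reason,
                            self._clock(), break_glass)
        self.requests[req.request_id] = req
        self._log("requested", req, reason=reason, break_glass=break_glass)
        if break_glass:
            # Break-glass: resolve in seconds without a human approver, but with a short TTL
            # and a flag that forces review after the fact.
            req.state, req.approver = "approved", "break-glass-policy"
            self._log("auto_approved", req, review_required=True)
        return req

    def approve(self, request_id: str, approver: str) -> AccessRequest:
        req = self.requests[request_id]
        if req.state != "pending":
            raise PermissionError(f"request is {req.state}, not pending")
        if approver == req.requester:
            raise PermissionError("two-person rule: a requester cannot approve their own request")
        req.state, req.approver = "approved", approver
        self._log("approved", req, approver=approver)
        return req

    def issue(self, request_id: str) -> str:
        """Mint a one-shot credential bound to the target and to a session id the recorder keys on."""
        req = self.requests[request_id]
        if req.state != "approved":
            raise PermissionError(f"cannot issue: request is {req.state}")
        now = self._clock()
        ttl = BREAK_GLASS_TTL if req.break_glass else STANDARD_TTL
        claims = {"sub": req.requester, "target": req.target, "role": req.role,
                  "nbf": now, "exp": now + ttl, "session_id": secrets.token_hex(8),
                  "break_glass": req.break_glass}
        req.state, req.expires_at = "issued", claims["exp"]
        self._log("issued", req, session_id=claims["session_id"], exp=claims["exp"])
        return sign(self._ca_key, claims)


def sign(key: bytes, claims: dict) -> str:
    """Encode claims and append an HMAC; stands in for CA signing of a short-lived certificate."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify(key: bytes, credential: str, target: str, now: float) -> Optional[dict]:
    """Host-side check: valid signature, inside the validity window, issued for this target."""
    try:
        body, mac = credential.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not (claims["nbf"] <= now < claims["exp"]) or claims["target"] != target:
        return None
    return claims  # the host starts the session recorder keyed on claims["session_id"]
```

The points a reviewer would look for are all visible in the code: the requester can never be their own approver, `issue` only runs from the `approved` state, the credential carries its own expiry and target so a stolen copy is useless after the window or against another host, and the break-glass path trades the approval step for a shorter TTL plus a `review_required` audit entry rather than silently widening access.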