Design a risk management ticketing system
Overview
This question evaluates competency in system architecture, data modeling, access control and RBAC, idempotent API design, concurrency control, search and indexing, background job orchestration, and auditability for high-volume services.
Amazon
Sep 6, 2025, 12:00 AM
Software Engineer
Onsite
System Design
0
0
Design a Risk Management Ticketing System
Context
You are designing a ticketing platform used by human users (analysts, managers, admins) and an automated risk-scanner bot. The system must support high volume, prevent duplicate tickets from automated sources, ensure safe concurrent updates, and provide auditability and reporting.
Requirements
- Ticket lifecycle and states with valid transitions.
- Role-based access control (RBAC) for humans and a bot role.
- Idempotent ticket creation to avoid duplicates from the bot.
- Concurrency control on updates.
- Search and filtering across ticket attributes and free text.
- Notifications (immediate and digest) to users.
- Monthly reporting for users and managers.
- Cover: storage schema, APIs, background jobs for report generation, audit trails, and scaling for high volume.
Deliverables
- High-level architecture and components.
- Data model/schema (relational core, search index, queues, caches).
- API design, including idempotency and concurrency.
- Lifecycle/state machine and RBAC model.
- Background jobs for reporting, notification handling.
- Auditability approach.
- Scaling and reliability strategies.
Solution
Login required
Show