
Design an access control system (RBAC + resource-based)

Last updated: Apr 21, 2026

Quick Overview

This question evaluates a candidate's ability to design a scalable authorization system incorporating RBAC and resource-based ACLs, testing competencies in access-control models, data schema design, policy evaluation, API design, caching strategies, and audit logging.


Company: Atlassian

Role: Software Engineer

Category: System Design

Difficulty: medium

Interview Round: Onsite


Jan 5, 2026, 12:00 AM

Design an authorization system that supports both:

  • **Role-Based Access Control (RBAC)**: users/groups have roles (e.g., Admin, Editor, Viewer) that grant permissions.
  • **Resource-based permissions (ACLs)**: individual resources can grant permissions directly to users/groups (e.g., a specific page shared with a user).

Requirements:

  • Support common actions: `read`, `write`, `delete`, `share`, `admin`.
  • Must work across multiple resource types (spaces, pages, projects, issues).
  • Provide APIs to grant/revoke access and to check authorization.
  • Discuss policy evaluation, data model, caching, and audit logs.

Deliverables:

  • Core entities and schema.
  • Permission evaluation algorithm.
  • REST APIs.
  • Edge cases (deny overrides? inheritance? group membership changes?).
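
One possible permission evaluation for the question above, as an added example that is not part of the original page. It assumes a role-to-action mapping, inheritance from parent resources, deny-overrides semantics, and group membership resolved at check time; all names (`Resource`, `check`, `ROLE_ACTIONS`) and the sample data are constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed mapping: the question names the roles and actions, not which role grants what.
ROLE_ACTIONS = {
    "Viewer": {"read"},
    "Editor": {"read", "write"},
    "Admin": {"read", "write", "delete", "share", "admin"},
}

@dataclass
class Resource:
    id: str                                       # e.g. "page:1"
    parent: "Resource | None" = None              # a page inherits from its space
    acl: list = field(default_factory=list)       # (principal, action, "allow" | "deny")
    bindings: list = field(default_factory=list)  # RBAC: (principal, role) on this resource

def principals(user, groups_of):
    """The user plus their current groups, so membership changes apply on the next check."""
    return {f"user:{user}"} | {f"group:{g}" for g in groups_of.get(user, ())}

def check(user, action, resource, groups_of):
    """Return (allowed, reason); the reason string is what an audit log would record."""
    who = principals(user, groups_of)
    allowed_by = None
    node = resource
    while node is not None:                       # walk the resource, then its ancestors
        for principal, act, effect in node.acl:
            if principal in who and act == action:
                if effect == "deny":              # deny overrides any allow in the chain
                    return False, f"deny ACL on {node.id} for {principal}"
                allowed_by = allowed_by or f"allow ACL on {node.id} for {principal}"
        for principal, role in node.bindings:
            if principal in who and action in ROLE_ACTIONS.get(role, ()):
                allowed_by = allowed_by or f"role {role} on {node.id} for {principal}"
        node = node.parent
    if allowed_by:
        return True, allowed_by
    return False, "no matching grant (default deny)"

# Constructed sample data: one space with an Editor group and two pages.
space = Resource("space:ENG", bindings=[("group:eng", "Editor")])
page = Resource("page:1", parent=space, acl=[("user:carol", "read", "allow")])
secret = Resource("page:2", parent=space, acl=[("user:bob", "write", "deny")])
GROUPS = {"alice": ["eng"], "bob": ["eng"]}
```

A cache in front of `check` would need invalidation on ACL, role-binding and group-membership changes, since all three feed the decision.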
