How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

What difficulty level is this interview question?

This is a medium difficulty System Design question, commonly asked during Onsite rounds at Atlassian.

What role is this question designed for?

This question is commonly asked for Software Engineer candidates at Atlassian during technical interviews.

Design an access control system (RBAC + resource-based) | Atlassian Interview Question

Design an access control system (RBAC + resource-based)

Last updated: Apr 21, 2026

Quick Overview

This question evaluates a candidate's ability to design a scalable authorization system incorporating RBAC and resource-based ACLs, testing competencies in access-control models, data schema design, policy evaluation, API design, caching strategies, and audit logging.

Atlassian

Jan 5, 2026, 12:00 AM

Software Engineer

Onsite

System Design

Design an authorization system that supports both:

Role-Based Access Control (RBAC) : users/groups have roles (e.g., Admin, Editor, Viewer) that grant permissions.
Resource-based permissions (ACLs) : individual resources can grant permissions directly to users/groups (e.g., a specific page shared with a user).

Requirements:

Support common actions: read , write , delete , share , admin .
Must work across multiple resource types (spaces, pages, projects, issues).
Provide APIs to grant/revoke access and to check authorization.
Discuss policy evaluation, data model, caching, and audit logs.

Deliverables:

Core entities and schema.
Permission evaluation algorithm.
REST APIs.
Edge cases (deny overrides? inheritance? group membership changes?).

Solution

Show

Comments (0)

Loading comments...

Browse More Questions

More System Design•More Atlassian•More Software Engineer•Atlassian Software Engineer•Atlassian System Design•Software Engineer System Design