Role-based access control in Microservices - Scalability & System Analysis

The first bottleneck is the authorization service database that stores roles and permissions. As user count and access checks grow, frequent permission lookups cause high read load and latency. Direct DB queries for each access check become too slow and resource-heavy.

• Caching: Use in-memory caches (e.g., Redis) to store user roles and permissions for fast access.
• Token-based Auth: Use JWT tokens embedding roles/permissions to reduce calls to auth service.
• Horizontal Scaling: Run multiple instances of the auth service behind a load balancer.
• Sharding: Partition role and permission data by user groups or regions to distribute load.
• Event-driven Updates: Use message queues to update caches asynchronously when roles or permissions change.
• Edge Caching and CDN: For global scale, cache tokens and permission data closer to users.

• At 1M users with 2M access checks/sec, assuming 1KB per permission cache entry, Redis needs ~2GB RAM for hot data.
• Network bandwidth for 2M requests/sec with 1KB payload = ~2GB/s (~16Gbps), requiring high network capacity.
• Auth service instances: each handles ~5,000 QPS, so ~400 instances needed at peak.
• Storage for roles/permissions: tens of GBs, depending on complexity and history retention.

Start by explaining the RBAC components: users, roles, permissions, and access checks. Then discuss how load grows with users and requests. Identify the database as the first bottleneck. Propose caching and token-based auth to reduce load. Finally, mention horizontal scaling and sharding for very large scale. Keep answers structured and focused on bottlenecks and solutions.

Your database handles 1000 QPS. Traffic grows 10x to 10,000 QPS. What do you do first?

Answer: Introduce caching for roles and permissions to reduce direct database queries. This lowers DB load and improves response time before scaling DB or services.