100 Days of System Design Questions challenges

Design a system for access control and audit logging to manage and monitor user activities within a software application or system. The system should enforce access policies, track user interactions, and generate audit logs for security, compliance, and troubleshooting purposes. Consider factors such as authentication mechanisms, authorization models, role-based access control (RBAC), and fine-grained permissions in your design. Discuss how you would implement access control mechanisms to authenticate users, authorize their actions, and enforce least privilege principles. Additionally, address how you would capture and log relevant events, such as login attempts, resource accesses, and configuration changes, in a secure and tamper-evident manner. Provide insights into the technologies, logging frameworks, and storage solutions you would employ to implement this access control and audit logging system effectively.