Technical Mid Level

How do you implement access control in smart contracts? Compare different approaches and their security implications.

Quick Tip

Show layered thinking: "I use OpenZeppelin AccessControl for role-based permissions, behind a timelock for admin functions, with a multi-sig as the timelock admin. This gives transparency and time for users to react."

What good answers include

Approaches: simple owner pattern (Ownable), role-based access (AccessControl from OpenZeppelin), multi-sig requirements, time-locks for sensitive operations, and governance voting. Trade-offs: single owner is simple but a single point of failure; role-based is more flexible but more complex; multi-sig adds security but operational overhead. Strong candidates discuss: renouncing ownership, two-step ownership transfer, and the risks of upgradeability combined with access control.
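The layered approach from the tip (roles, admin power behind a timelock, deployer keeps nothing), as an added example that is not part of the original question page. It assumes OpenZeppelin Contracts 5.x import paths and a hypothetical contract name; the `timelock` address is a separately deployed `TimelockController` whose proposer is a multi-sig (assumed, not shown).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/utils/Pausable.sol";

/// Hypothetical treasury illustrating role-based access control where the
/// role admin is a timelock (itself controlled by a multi-sig, assumed).
contract RoleGatedTreasury is AccessControl, Pausable {
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
    bytes32 public constant TREASURER_ROLE = keccak256("TREASURER_ROLE");

    event Withdrawn(address indexed to, uint256 amount);

    /// @param timelock already-deployed TimelockController address (assumed)
    /// @param pauser   operational hot key that may only pause, nothing else
    constructor(address timelock, address pauser) {
        require(timelock != address(0) && pauser != address(0), "zero addr");
        // DEFAULT_ADMIN_ROLE (grants/revokes every role) goes to the timelock,
        // so each privilege change is publicly queued before it executes.
        _grantRole(DEFAULT_ADMIN_ROLE, timelock);
        _grantRole(PAUSER_ROLE, pauser);
        // Deliberately no role for msg.sender: the deployer key retains
        // no privilege after deployment (avoids the single-owner failure mode).
    }

    receive() external payable {}

    /// Emergency stop: a low-privilege key can halt withdrawals quickly.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    /// Resuming is riskier than halting, so only the admin (timelock) may do it.
    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }

    /// Moves funds; requires TREASURER_ROLE and an unpaused contract.
    function withdraw(address payable to, uint256 amount)
        external onlyRole(TREASURER_ROLE) whenNotPaused
    {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
        emit Withdrawn(to, amount);
    }
}
```

Granting `TREASURER_ROLE` later has to go through the timelock, so users can see a pending privilege change before it takes effect.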

What interviewers are looking for

Tests security architecture thinking. Contracts with weak access control are frequently exploited. Candidates who only know the Ownable pattern may not have built production-grade systems.
