Azure-docs: Scope of maximum role assignments isn't clear.

Created on 7 May 2020  Â·  8Comments  Â·  Source: MicrosoftDocs/azure-docs

In documentation the following sentence is mentioned: "You can have up to 2000 role assignments in each subscription and 500 role assignments in each management group."

However, it's not clear if role assignments at resource group level or resource level counts towards the maximum "2000 role assignments in each subscription" or is the 2000 is only for subscription level role assignments.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Pri1 assigned-to-author product-question role-based-access-controsvc triaged
Source
picture harouny

All 8 comments

@harouny Thanks for your feedback! We will investigate and update as appropriate.

SaurabhSharma-MSFT picture SaurabhSharma-MSFT on 7 May 2020

They are included in the total. I made a pull request to make this more explicit in the text, but still think it's pretty clear. https://github.com/MicrosoftDocs/azure-docs-pr/pull/114379

If you go to Subscriptions > Access Control (IAM) > Role Assignments you can see how much of your quota you have used and see which resources the assignments have been applied to.

image

Example:
image

MarileeTurscak-MSFT picture MarileeTurscak-MSFT on 7 May 2020

@rolyon is confirming with the RBAC team so reassigning this.

MarileeTurscak-MSFT picture MarileeTurscak-MSFT on 7 May 2020

Hi @harouny
Role assignments at resource group level or resource level do count towards your 2000 maximum per subscription.
thanks

rolyon picture rolyon on 8 May 2020

Thanks @rolyon for clarification. With more use cases for Managed Identity and Azure AD Authentication i.e. on storage entities, Service bus entities etc, the 2000 limit seems pretty restricting, is there a way to increase the limit?

Sorry if that's not the right channel for the question.

AElharouny picture AElharouny on 8 May 2020

@harouny
Unfortunately the limit can't be increased. If you are getting close to the limit, here are some options for reducing the number of role assignments:
https://docs.microsoft.com/en-us/azure/role-based-access-control/troubleshooting#azure-role-assignments-limit

rolyon picture rolyon on 8 May 2020
👍1

Hi @harouny
We published a doc update that hopefully makes this more clear.
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
thanks

rolyon picture rolyon on 9 May 2020
👍1

please-close

rolyon picture rolyon on 9 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jebeld17 picture jebeld17  Â·  3Comments
jharbieh picture jharbieh  Â·  3Comments
mrdfuse picture mrdfuse  Â·  3Comments
paulmarshall picture paulmarshall  Â·  3Comments
Ponant picture Ponant  Â·  3Comments