Skip to content

Policy Limits

There are several limits on business entities that should be considered when designing your policies.

As the policies interact with several resources like Asset Model, Time Series Data, Events and Integrated Data Lake. These limits ensure that the performance of Insights Hub remains high.

There are few limits that applies specifically to the subscribers of Capability Packages. Following table depicts the technical limits on various parameters for all Resource Packs (XS, S, M, L, XL).

Parameter XS S M L XL
No. of Policies per Account 50 100 150 200 250

Boundary conditions

Once the Resource Access Management feature is turned ON (through Settings UI application), certain limits are applicable on the amount of various object types, as mentioned below.

Object Type Limit Remarks
Subjects (Users / User Groups) per Policy (*) 10 This represents the aggregated sum of Users and User Groups
Rules per Policy 5
Actions per Rule 20
(Resources / Resource Groups) per Rule 20 This represents the aggregated sum of Resources and Resource Groups
Resources per Resource Group (*) 20
Resource Groups per Rule (*) 2 This limit is set within the above aggregated block
Resource Groups across Policies 10 This represents the number of Resource Groups that can exist across all Policies
Resource Group associations across Policies 5 This represents the number of Policies to which a single Resource Group can be added
User Group associations across Policies (*) 5 This represents the number of Policies a User Group can be part of

(*) For use cases which do not fit within these limits, kindly contact us via Support Team. On exhausting the allocated quota, further creation requests will result in the error '400: Bad request' with appropriate error message.

Technical Limits

Apart from the above specified boundary conditions, following technical limits are put in place to ensure reliable system performance.

Object Type Technical Limit
Subjects (Users / User Groups) per Policy 25
Resources per Resource Group 100
Resource Groups per Rule 4
Resource Groups across Policies 50
User Group associations across Policies 10
Policies per Account 350

On reaching the system limit, further creation requests will result in the error '400: Bad request' with appropriate error message.

Policy Modelling Recommendations

  • On exhausting Policy quota, if there are too many inactive policies, those can be reused or cleaned up for configuring more policies.
  • Resource Groups are powerful elements to put together the relevant resources and get better control of the collection. These should be used wherever possible; it also allows managing fine-grained access for a greater number of resources.
  • For better performance, a given User or User Group should not be part of more than 5 policies.
  • Similarly, for better performance, a given Resource Group should not be part of more than 5 policies.

Last update: November 27, 2023

Except where otherwise noted, content on this site is licensed under the Development License Agreement.