Skip to content

Policy Limits

There are several limits on business entities that should be considered when designing your policies.

As the policies interact with several resources like Asset Model, Time Series Data, Events and Integrated Data Lake, these limits ensure that the performance of Insights Hub remains high.

There are few limits that applies specifically to the subscribers of Capability Packages. The following table depicts the technical limits on various parameters for all Resource Packs (XS, S, M, L, XL).

Parameter XS S M L XL
No. of Policies per Account 50 100 150 200 250

Boundary conditions

Once the Resource Access Management feature is switched ON through Settings UI application, certain limits are applicable on the amount of various object types, as mentioned below.

Object Type Limit Remarks
Subjects (Users / User Groups) per Policy (*) 10 This represents the aggregated sum of Users and User Groups in a policy
Rules per Policy 5 This represents the number of rules in a policy
Actions per Rule 20 This represents the number of actions in a Rule
Resources per Resource Group (*) 20 This represents the number of Resources in a Resource Group
(Resources / Resource Groups) per Rule 20 This represents the aggregated sum of Resources and Resource Groups
Resource Groups per Rule (*) 2 This limit is set within the above aggregated block
Resource Groups per Account (*) 10 This represents the number of Resource Groups allocated per account
Resource Group associations across Policies 5 This represents the number of Policies to which a single Resource Group can be added
User Group associations across Policies (*) 5 This represents the number of Policies a User Group can be part of
Policies per Account (*) 50 This represents the number of Policies allocated per account

(*) For use cases which do not fit within these limits, kindly contact us via Support Team. Once the allocated quota is exhausted, further creation requests will result in the error 400: Bad request with an appropriate error message.

Technical Limits

Apart from the above specified boundary conditions, the following technical limits are implemented to ensure reliable system performance.

Object Type Technical Limit
Subjects (Users / User Groups) per Policy 25
Resources per Resource Group 100
Resource Groups per Rule 4
Resource Groups per Account 50
User Group associations across Policies 10
Policies per Account 350

On reaching the system limit, further creation requests will result in the error 400: Bad request with an appropriate error message.

Policy Modelling Recommendations

  • On exhausting Policy quota, if there are too many inactive policies, those can be reused or cleaned up for configuring more policies.
  • Resource Groups are powerful elements for organizing the relevant resources and get better control of the collection. These should be used wherever possible. It also allows managing fine-grained access for a greater number of resources.
  • For better performance, a given User or User Group should not be part of more than 5 policies.
  • Similarly, for better performance, a given Resource Group should not be part of more than 5 policies.

Last update: September 9, 2024

Except where otherwise noted, content on this site is licensed under the Development License Agreement.