Authorization Core Role-Based Access Control Limits
The Authorization Core Role-Based Access Control (RBAC) feature set is subject to the following limits:
|Roles per tenant||1000|
|Scopes per API||1000|
|Roles per user (directly assigned)||50|
|Permissions per user (directly assigned)||1000|
|Permissions per role (directly assigned)||1000|
Note that limitations on permissions per user affect those assigned directly. Technically, a user could have more permissions than noted if the permissions were assigned to different roles and then the roles were assigned to the user.