RBAC Role Assignments 2000 limit Constraint

Hello Team,

Customer is having high distress in regard to the RBAC Role Assignments 2000 grant limitation. Customer is using Managed Identity and Storage access patterns relying on RBAC grants, it worried customer that it’s a trap and customer will hit that limit in a very short time. These RBAC roles are so useful for the customer but it’s only a matter of time before it hits the limit.

Thank you for your consideration.

234 votes

Sherefedin Getahun (MINDTREE LIMITED) shared this idea · May 28, 2020 · Flag idea as inappropriate… · Admin →

started ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · October 23, 2020

Apologies for the delay in updating this item. We are aware of the challenges around this limit and are actively working to be able to raise it; however, we don’t have an ETA yet.

We will update this item as we get more clarity on the timeline. Stay tuned and thank you for the understanding.

-Arturo Lucatero
@ArLucaID

21 comments

An error occurred while saving the comment

Georgia Miller commented · June 02, 2021 05:18 · Flag as inappropriate

Thank you for updating/giving us this kind of information. www.ohiosignaturepainting.com

Submitting...
paulpraveen23 commented · May 25, 2021 02:31 · Flag as inappropriate

Thank you for sharing this interesting article https://get-mobdro.com/home

Submitting...
Joshua commented · May 24, 2021 08:06 · Flag as inappropriate

Hoping for another details! Thanks | https://www.builtrightind.com/

Submitting...
Ellaine Hardin commented · May 13, 2021 09:10 · Flag as inappropriate

Thank you for sharing this interesting article. Keep us entertain! https://llcformations.com/about

Submitting...
Cyberflix TV commented · May 09, 2021 04:20 · Flag as inappropriate

That's great
https://gbwhatsapp.fun/gb-whatsapp-apk-download/

Submitting...
Robert Garcia commented · April 14, 2021 01:25 · Flag as inappropriate

With regards to the best and new cell in the country, you can come to us. Try not to be timid. We realize mobiles are costly. Accordingly, we have the most minimal cost for you. We need you to have your #1 telephone. Henceforth, we deal telephone at less cost. Visit our site and purchase your telephone today.
http://www.diamondequity.co.zw/

Submitting...
Logan commented · April 05, 2021 20:57 · Flag as inappropriate

Can you make it unlimited to get rid of the customer stress? https://www.trustaff.com/

Submitting...
Franchesca Miller commented · March 08, 2021 07:40 · Flag as inappropriate

Hey! I've been following this article. Kindly keep us updated!
Regards | https://watersoftenersolutions.com/

Submitting...
Rachael Robinson commented · March 04, 2021 23:31 · Flag as inappropriate

I didn't know that role assignments are limited, this is the only thing I am good at. Well, I think I will have to ask for help on http://quality-essay.com/ they always have plenty of ideas.

Submitting...
rahulmittal79 commented · February 18, 2021 11:11 · Flag as inappropriate

I read this article! I hope you will continue to have such articles to share with everyone! thank you!

Submitting...
Sri Kotha commented · February 09, 2021 07:56 · Flag as inappropriate

@ArLucaID Any updates on this after Oct 23,2020? This is a blocker issue for us

Submitting...
Anonymous commented · January 27, 2021 06:16 · Flag as inappropriate

back:whasapp_Bussines

Submitting...
Anonymous commented · December 14, 2020 12:21 · Flag as inappropriate

@ArLucaID Any updates to this after October 23?
We are also running into issues and 2,000 is an extremely low number at a subscription level when Microsoft is driving AAD for RBAC

Submitting...
Keith Evans commented · December 07, 2020 13:49 · Flag as inappropriate

This is impacting our abilities. We are having to work around this 2000 limit on a regular basis.

Submitting...
CS commented · December 07, 2020 01:43 · Flag as inappropriate

Hi,

Please do something about this. You are releasing more and more services leveraging RBAC, and imposing customers to change their model and create new subscriptions is a nightmare.

For example, Azure Files requires SMB roles at RBAC level: each time we create a share, we need to burn two RBAC roles ("Storage File Data SMB Share Contributor" and "Storage File Data SMB Share Elevated Contributor") !! This plus the rest is clearly not sustainable.

Submitting...
Anonymous commented · October 20, 2020 12:24 · Flag as inappropriate

any updates about this requirements, as security becoming more highlighted concern, and more feature need to use Role assignment, eg. Keyvault RBAC ACL, this is becoming more and more painful to only have 2000 per subscription

Submitting...
AHMED ELHAROUNY commented · June 07, 2020 16:34 · Flag as inappropriate

I would like to add that this role assignments limit also applies on role assignments on sub resources like Azure Service Bus topics, queues and blob containers, app services etc. which to us is the only blocker to use Managed Identity for authentication in Azure in the way we would liked!

Submitting...
Tom Harren commented · May 20, 2020 14:16 · Flag as inappropriate

This limit seems artificial and low. If there are even 10 assignments per resource, that means we only get 200 resources per subscription!? I'm not what the reasoning is for this constraint, but will become a problem for us soon.

Submitting...
Brian Steiner commented · February 27, 2020 08:04 · Flag as inappropriate

The current hard limit of 2000 IAM role assignments at the subscription level will not be sufficient for a subscription that hosts multiple application teams. Group assignments for various roles both OOTB and custom will exceed this limit over time. This limit should be customizable per subscription usage.

Submitting...
Syedhamjath commented · January 23, 2020 04:49 · Flag as inappropriate

We already close to the limits, we can do about this ?

Submitting...
- RBAC limits.PNG 6 KB