Policy Limits¶
There are several limits on business entities that should be considered when designing your policies.
As the policies interact with several resources like Asset Model, Time Series Data, Events and Integrated Data Lake. These limits ensure that the performance of Insights Hub remains high.
There are few limits that applies specifically to the subscribers of Capability Packages. Following table depicts the technical limits on various parameters for all Resource Packs (XS, S, M, L, XL).
| Parameter | XS | S | M | L | XL | |
|---|---|---|---|---|---|---|
| No. of Policies per Account | 50 | 100 | 150 | 200 | 250 |
Boundary conditions¶
Once the Resource Access Management feature is turned ON (through Settings UI application), certain limits are applicable on the amount of various object types, as mentioned below.
| Object Type | Limit | Remarks |
|---|---|---|
| Subjects (Users / User Groups) per Policy (*) | 10 | This represents the aggregated sum of Users and User Groups |
| Rules per Policy | 5 | |
| Actions per Rule | 20 | |
| (Resources / Resource Groups) per Rule | 20 | This represents the aggregated sum of Resources and Resource Groups |
| Resources per Resource Group (*) | 20 | |
| Resource Groups per Rule (*) | 2 | This limit is set within the above aggregated block |
| Resource Groups across Policies | 10 | This represents the number of Resource Groups that can exist across all Policies |
| Resource Group associations across Policies | 5 | This represents the number of Policies to which a single Resource Group can be added |
| User Group associations across Policies (*) | 5 | This represents the number of Policies a User Group can be part of |
(*) For use cases which do not fit within these limits, kindly contact us via Support Team. On exhausting the allocated quota, further creation requests will result in the error '400: Bad request' with appropriate error message.
Technical Limits¶
Apart from the above specified boundary conditions, following technical limits are put in place to ensure reliable system performance.
| Object Type | Technical Limit |
|---|---|
| Subjects (Users / User Groups) per Policy | 25 |
| Resources per Resource Group | 100 |
| Resource Groups per Rule | 4 |
| Resource Groups across Policies | 50 |
| User Group associations across Policies | 10 |
| Policies per Account | 350 |
On reaching the system limit, further creation requests will result in the error '400: Bad request' with appropriate error message.
Policy Modelling Recommendations¶
- On exhausting Policy quota, if there are too many inactive policies, those can be reused or cleaned up for configuring more policies.
- Resource Groups are powerful elements to put together the relevant resources and get better control of the collection. These should be used wherever possible; it also allows managing fine-grained access for a greater number of resources.
- For better performance, a given User or User Group should not be part of more than 5 policies.
- Similarly, for better performance, a given Resource Group should not be part of more than 5 policies.