Merge pull request #191849 from rolyon/rolyon-rbac-limits-update

v-regandowner · web-flow · commit 050a60f61ceb · 2022-06-14T13:59:13.000-04:00
[Azure RBAC] Limits update
diff --git a/articles/role-based-access-control/custom-roles.md b/articles/role-based-access-control/custom-roles.md
@@ -7,7 +7,7 @@ manager: karenhoran
 ms.service: role-based-access-control
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 08/27/2021
+ms.date: 06/14/2022
 ms.author: rolyon
 ---
 
@@ -148,15 +148,15 @@ The following table describes what the custom role properties mean.
 
 | Property | Required | Type | Description |
 | --- | --- | --- | --- |
-| `Name`</br>`roleName` | Yes | String | The display name of the custom role. While a role definition is a management group or subscription-level resource, a role definition can be used in multiple subscriptions that share the same Azure AD directory. This display name must be unique at the scope of the Azure AD directory. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 128. |
+| `Name`</br>`roleName` | Yes | String | The display name of the custom role. While a role definition is a management group or subscription-level resource, a role definition can be used in multiple subscriptions that share the same Azure AD directory. This display name must be unique at the scope of the Azure AD directory. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 512. |
 | `Id`</br>`name` | Yes | String | The unique ID of the custom role. For Azure PowerShell and Azure CLI, this ID is automatically generated when you create a new role. |
 | `IsCustom`</br>`roleType` | Yes | String | Indicates whether this is a custom role. Set to `true` or `CustomRole` for custom roles. Set to `false` or `BuiltInRole` for built-in roles. |
-| `Description`</br>`description` | Yes | String | The description of the custom role. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 1024. |
+| `Description`</br>`description` | Yes | String | The description of the custom role. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 2048. |
 | `Actions`</br>`actions` | Yes | String[] | An array of strings that specifies the control plane actions that the role allows to be performed. For more information, see [Actions](role-definitions.md#actions). |
 | `NotActions`</br>`notActions` | No | String[] | An array of strings that specifies the control plane actions that are excluded from the allowed `Actions`. For more information, see [NotActions](role-definitions.md#notactions). |
 | `DataActions`</br>`dataActions` | No | String[] | An array of strings that specifies the data plane actions that the role allows to be performed to your data within that object. If you create a custom role with `DataActions`, that role cannot be assigned at the management group scope. For more information, see [DataActions](role-definitions.md#dataactions). |
 | `NotDataActions`</br>`notDataActions` | No | String[] | An array of strings that specifies the data plane actions that are excluded from the allowed `DataActions`. For more information, see [NotDataActions](role-definitions.md#notdataactions). |
-| `AssignableScopes`</br>`assignableScopes` | Yes | String[] | An array of strings that specifies the scopes that the custom role is available for assignment. You can only define one management group in `AssignableScopes` of a custom role. Adding a management group to `AssignableScopes` is currently in preview. For more information, see [AssignableScopes](role-definitions.md#assignablescopes). |
+| `AssignableScopes`</br>`assignableScopes` | Yes | String[] | An array of strings that specifies the scopes that the custom role is available for assignment. Maximum number of `AssignableScopes` is 2,000. You can define only one management group in `AssignableScopes` of a custom role. Adding a management group to `AssignableScopes` is currently in preview. For more information, see [AssignableScopes](role-definitions.md#assignablescopes). |
 
 Permission strings are case-insensitive. When you create your custom roles, the convention is to match the case that you see for permissions in [Azure resource provider operations](resource-provider-operations.md).
 
diff --git a/includes/role-based-access-control/limits.md b/includes/role-based-access-control/limits.md
@@ -5,16 +5,21 @@
  author: rolyon
  ms.service: role-based-access-control
  ms.topic: include
- ms.date: 11/12/2021
+ ms.date: 06/14/2022
  ms.author: rolyon
  ms.custom: include file
 ---
 
-| Resource | Limit |
-| --- | --- |
-| [Azure role assignments per Azure subscription](../../articles/role-based-access-control/overview.md)<br/>The role assignments limit for a subscription is currently being increased. For more information, see [Troubleshoot Azure RBAC](../../articles/role-based-access-control/troubleshooting.md#azure-role-assignments-limit). | 2,000 |
-| [Azure role assignments per management group](../../articles/role-based-access-control/overview.md) | 500 |
-| [Size of description for Azure role assignments](../../articles/role-based-access-control/conditions-faq.md) | 2 KB |
-| [Size of condition for Azure role assignments](../../articles/role-based-access-control/conditions-overview.md) | 8 KB |
-| [Azure custom roles per tenant](../../articles/role-based-access-control/custom-roles.md) | 5,000 |
-| [Azure custom roles per tenant](../../articles/role-based-access-control/custom-roles.md)<br/>(for Azure Germany and Azure China 21Vianet) | 2,000 |
+| Area | Resource | Limit |
+| --- | --- | --- |
+| [Azure role assignments](../../articles/role-based-access-control/overview.md) |  |  |
+|  | Azure role assignments per Azure subscription<br/>The role assignments limit for a subscription is currently being increased. For more information, see [Troubleshoot Azure RBAC](../../articles/role-based-access-control/troubleshooting.md#azure-role-assignments-limit). | 2,000 |
+|  | Azure role assignments per management group | 500 |
+|  | Size of description for Azure role assignments | 2 KB |
+|  | Size of [condition](../../articles/role-based-access-control/conditions-overview.md) for Azure role assignments | 8 KB |
+| [Azure custom roles](../../articles/role-based-access-control/custom-roles.md) |  |  |
+|  | Azure custom roles per tenant | 5,000 |
+|  | Azure custom roles per tenant<br/>(for Azure Germany and Azure China 21Vianet) | 2,000 |
+|  | Size of role name for Azure custom roles | 512 chars |
+|  | Size of description for Azure custom roles | 2 KB |
+|  | Number of assignable scopes for Azure custom roles | 2,000 |
