Merge pull request #106259 from rolyon/rolyon-rbac-limits-update

American-Dipper · web-flow · commit 390b5fd61b7d · 2020-03-17T15:24:49.000-07:00
[Azure RBAC] Limits update
diff --git a/articles/role-based-access-control/custom-roles.md b/articles/role-based-access-control/custom-roles.md
@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 02/26/2020
+ms.date: 03/02/2020
 ms.author: rolyon
 ms.reviewer: bagovind
 ms.custom: H1Hack27Feb2017
@@ -22,7 +22,7 @@ ms.custom: H1Hack27Feb2017
 
 If the [built-in roles for Azure resources](built-in-roles.md) don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at subscription, resource group, and resource scopes.
 
-Custom roles can be shared between subscriptions that trust the same Azure AD directory. There is a limit of **5,000** custom roles per directory. (For specialized clouds, such as Azure Government, Azure Germany, and Azure China 21Vianet, the limit is 2,000 custom roles.) Custom roles can be created using the Azure portal (Preview), Azure PowerShell, Azure CLI, or the REST API.
+Custom roles can be shared between subscriptions that trust the same Azure AD directory. There is a limit of **5,000** custom roles per directory. (For Azure Germany and Azure China 21Vianet, the limit is 2,000 custom roles.) Custom roles can be created using the Azure portal (Preview), Azure PowerShell, Azure CLI, or the REST API.
 
 ## Custom role example
 
diff --git a/articles/role-based-access-control/troubleshooting.md b/articles/role-based-access-control/troubleshooting.md
@@ -12,7 +12,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 11/22/2019
+ms.date: 03/02/2020
 ms.author: rolyon
 ms.reviewer: bagovind
 ms.custom: seohack1
@@ -31,7 +31,7 @@ This article answers common questions about role-based access control (RBAC) for
 - If you need steps for how to create a custom role, see the custom role tutorials using [Azure PowerShell](tutorial-custom-role-powershell.md) or [Azure CLI](tutorial-custom-role-cli.md).
 - If you are unable to update an existing custom role, check that you are currently signed in with a user that is assigned a role that has the `Microsoft.Authorization/roleDefinition/write` permission such as [Owner](built-in-roles.md#owner) or [User Access Administrator](built-in-roles.md#user-access-administrator).
 - If you are unable to delete a custom role and get the error message "There are existing role assignments referencing role (code: RoleDefinitionHasAssignments)", then there are role assignments still using the custom role. Remove those role assignments and try to delete the custom role again.
-- If you get the error message "Role definition limit exceeded. No more role definitions can be created (code: RoleDefinitionLimitExceeded)" when you try to create a new custom role, delete any custom roles that aren't being used. Azure supports up to **5000** custom roles in a tenant. (For specialized clouds, such as Azure Government, Azure Germany, and Azure China 21Vianet, the limit is 2000 custom roles.)
+- If you get the error message "Role definition limit exceeded. No more role definitions can be created (code: RoleDefinitionLimitExceeded)" when you try to create a new custom role, delete any custom roles that aren't being used. Azure supports up to **5000** custom roles in a tenant. (For Azure Germany and Azure China 21Vianet, the limit is 2000 custom roles.)
 - If you get an error similar to "The client has permission to perform action 'Microsoft.Authorization/roleDefinitions/write' on scope '/subscriptions/{subscriptionid}', however the linked subscription was not found" when you try to update a custom role, check whether one or more [assignable scopes](role-definitions.md#assignablescopes) have been deleted in the tenant. If the scope was deleted, then create a support ticket as there is no self-service solution available at this time.
 
 ## Recover RBAC when subscriptions are moved across tenants
diff --git a/includes/role-based-access-control-limits.md b/includes/role-based-access-control-limits.md
@@ -5,7 +5,7 @@
  author: rolyon
  ms.service: role-based-access-control
  ms.topic: include
- ms.date: 06/21/2019
+ ms.date: 03/02/2020
  ms.author: rolyon
  ms.custom: include file
 ---
@@ -15,4 +15,4 @@
 | [Role assignments for Azure resources per Azure subscription](../articles/role-based-access-control/overview.md) | 2,000 |
 | [Role assignments for Azure resources per management group](../articles/role-based-access-control/overview.md) | 500 |
 | [Custom roles for Azure resources per tenant](../articles/role-based-access-control/custom-roles.md) | 5,000 |
-| [Custom roles for Azure resources per tenant](../articles/role-based-access-control/custom-roles.md)<br/>(specialized clouds, such as Azure Government, Azure Germany, and Azure China 21Vianet) | 2,000 |
+| [Custom roles for Azure resources per tenant](../articles/role-based-access-control/custom-roles.md)<br/>(for Azure Germany and Azure China 21Vianet) | 2,000 |
