Skip to content

ADR: Address 5000 groups quota limit by providing new APIs to give status on group usage

Handle 5000 group quota

Status

  • Proposed
  • Trialing
  • Under review
  • Approved
  • Retired

Context & Scope

Currently, we do not have a way to identify beforehand that the 5000 groups quota is about to be hit. Currently users reach out to us once this quota is hit and they are being blocked because of this until the cleanup of groups is done. We need a better way to identify this before the quota is actually hit.

There are 2 quotas that need to be addressed:

  • 5000 group membership per identity.
  • 5000 user + data group existence per data partition.

Proposed API changes:

  • Update existing API (Entitlement) CreatedByApp, CreatedBy with CreatedGroup
  • New API (Entitlement):
    • Aggregation of number of Groups per partition
    • Aggregation of number of Groups per group types
    • Aggregation of number of Groups per application
    • CreateByApp, CreatedBy

Decision

Rationale

The consuming applications should be alerting their users when the quota is about to hit, ideally when 90% of the quota is reached. Data Platform will provide the APIs for checking group usage. Then the consuming applications can leverage this to alert their users, or do the clean-up.

Consequences

When to revisit

Tradeoff Analysis - Input to decision

Alternatives and implications

Decision criteria and tradeoffs

Decision timeline

Edited by An Ngo
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information