We are want to base our product architecture on the Field level security and document-level security.
one of our concern is whether there is a scaling limit to the number of users and number of roles in the system,
our usage in Open Distro is more as a backend DB not throw Kibana.
There is no limit as such, however any fls or dls adds additional processing therefore considerations needs to be made with fls for example, if whitelist or blacklist is the better approach, i.e. if majority of fields are hidden, perhaps whitelist is better.
Regarding the roles, similar approach needs to be taken and unnecessary roles removed from users if they have no impact on the user interactions.
Hope this helps