Updated docs for real-time multi-group authorization (#5087)

* Updated docs for real-time multi-group authorization

* Update authorization-rules.mdx

* fixed typo

Author: renebrandel

src/pages/cli-legacy/graphql-transformer/auth.mdx

@@ -570,10 +570,6 @@ When `@auth` is used subscriptions have a few subtle behavior differences than q
 
 Alternatively, when the model is protected using the static group auth strategy, the subscription request will only succeed if the user is in an allowed group. Further, the user will only get notifications of updates to records if they are in an allowed group. Note: You don't need to pass the user as an argument in the subscription request, since the resolver will instead check the contents of your JWT token.
 
-<Callout>
-Dynamic groups have no impact to subscriptions. You will not get notified of any updates to them.
-</Callout>
-
 For example suppose you have the following schema:
 
 ```graphql

src/pages/cli/graphql/authorization-rules.mdx

@@ -210,7 +210,11 @@ With dynamic group authorization, each record contains an attribute specifying w
 
 By default, `group` authorization leverages Amazon Cognito user pool groups but you can also use OpenID Connect with `group` authorization. See [OpenID Connect as an authorization provider](#using-oidc-authorization-provider).
 
-**Known limitation**: Real-time subscriptions are not supported for dynamic group authorization.
+**Known limitations for real-time subscriptions when using dynamic group authorization**:
+1. If you authorize based on a single group per record, then subscriptions are only supported if the user is part of 5 or fewer user groups
+2. If you authorize via an array of groups (`groups: [String]` example above),
+  - subscriptions are only supported if the user is part of 20 or fewer groups
+  - you can only authorize 20 or fewer user groups per record
 
 ### Custom authorization rule