When trying to invite a partner user to a custom role the action is failing with a "You are not authorized to invite *username* because you selected the *rolename* role, which has more privileges than your account" error.

When trying to assign the same role to an existing user the action is failing with a "*yourname* is not authorized to change role: User cannot assign a user role with higher privileges" error

This is caused by the target role having more privileges than the user who is trying to assign the role. In particular this can happen when a Partner creates a custom role and tries to add any of the Customer permissions (Create Customer, Read Customer, Update Customer, Delete Customer). These permissions are for administering direct customers and not intended for partner users. All necessary permissions to administer partner customers are in the MSP permissions.

Remove Create Customer, Read Customer, Update Customer, and Delete Customer permissions from the custom role

See https://knowledge.broadcom.com/external/article?articleNumber=283881 for additional details