10000/5/50=40
If there are 50 users each with their own PIN though, are you ensuring that they all have a unique pin? Counterintuitively perhaps, having duplicate PINs would create a lower probability of guessing because there’s fewer correct ones.
Also, are these PINs randomly generated or user-generated? People are predictable. 0000, 1234, 4321, 2580, 1066, 2023, user’s birth year, user’s partner’s birth year (hello, social media)…
You’ve got five attempts to guess one of 200 passwords (assuming all unique), no-one’s going to be brute-forcing that unless they walk past every day. Starting at 0000, if the first correct PIN starts just with a 1 that’s over a thousand attempts. You’ve got a bigger threat from shoulder-surfing or people holding the door open for them. I was stood idly in Boots a little while back whilst waiting for my partner to queue to pay for something. I watched staff come and go through the ‘staff only’ door, I easily got half a dozen entry codes without even trying, I have a good memory for numbers and of course really I only need one.