AWS Certified Solutions Architect - Associate (SAA-C02)
  1. Rooms
  2. AWS Certified Solutions Architect - Associate (SAA-C02)

Sign Up Free or Log In to participate!

IAM question

can a policy at the group level override a role permission and vice versa ?

1 Answers

The effective permissions for an entity are the permissions that are granted by all the policies that affect the user or role. Within an account, the permissions for an entity can be affected by identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, or session policies. If any one of these policy types explicitly denies access for an operation, then the request is denied. 

See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization