AWS Certified Solutions Architect - Associate (SAA-C02)

Sign Up Free or Log In to participate!

IAM question

can a policy at the group level override a role permission and vice versa ?

1 Answers

The effective permissions for an entity are the permissions that are granted by all the policies that affect the user or role. Within an account, the permissions for an entity can be affected by identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, or session policies. If any one of these policy types explicitly denies access for an operation, then the request is denied. 


Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?