AWS Certified Solutions Architect - Associate (SAA-C02)

Sign Up Free or Log In to participate!

If a conflicting policy is assigned to a user vs user group, which will take precedence?

As part of IAM lab, I assigned restrictive S3 access policy to a user and a more relaxed S3 all allowed policy to the user group, to which the user  is a member. I was expecting the restrictive policy assigned to the user will take precedence over the relaxed policy of the user group. But on the contrary, the moment I assigned relaxed policy to the user group, the user is able to access the S3, which overwise restricted.  Which one will take precedence, when we have such conflicting policies ?

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?