IAM (chapter 4) just showed the best practice of not applying a Policy directly to a ‘User’, so why is this lab exercise doing the same?
It is to demonstrate the benefits of Roles and how creating and assuming roles can grant temporary access to resources, even if the identity has a policy attached to it that would typically prevent access.
Does that make sense?
It’s actually a very efficient way to demonstrate. You get to see how a policy applied to the group, when removed from the group, affects all users in the group, and then, when you’re done setting up the permissions as described, you can see how a user with permissions applied directly behaves, how a user with no permissions applied behaves, and how a user that is configured so that they need to assume the role before having the permissions behaves.
Also, knowing how to set up role switching (via the console) can be pretty useful for debugging why permissions aren’t working when things get a little more complex.