If I’m not mistaken documentation here https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy says that we can set or unset policy inheritance. This way we can define totally new policies at a sublevel
Can somebody confirm?
I presume the restriction around ‘child policies cannot restrict access granted at a higher level" – was specified for IAM policy in the tutorial.
The link you referring to is specifying policies on organization hierarchy which is where based on inheritFromParent=True or False, policy inheritance takes effect