{"id":"iam-notprincipal-deny-boundary-conflict","text":"Using `NotPrincipal` with `Deny` in resource-based policies always denies principals with permissions boundaries attached — use `ArnNotEquals` with `aws:PrincipalArn` condition instead.","truth_value":"IN","source":"entries/2026/03/08/iam-permission-boundaries.md","source_url":"","source_hash":"33afa4424bf72145","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-notprincipal-deny-boundary-conflict","truth_value":"IN","reason":"premise"}]}}