Status: IN
Resource-based policies targeting individual user ARNs can bypass both permission boundaries and group-based access governance, since groups cannot be principals in resource policies.
JSON