{"id":"iam-resource-policies-bypass-group-governance-and-permission-boundaries","text":"Resource-based policies targeting individual user ARNs can bypass both permission boundaries and group-based access governance, since groups cannot be principals in resource policies.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-resource-policies-bypass-group-governance-and-permission-boundaries","truth_value":"IN","reason":"premise"}]}}