iam-resource-policy-user-arn-bypasses-boundary

Status: IN

Resource-based policies granting access to an IAM user ARN (same account) are not limited by implicit denies in permissions boundaries; grants to a role ARN are limited, but grants to a role session ARN are not.

Source: entries/2026/03/08/iam-permission-boundaries.md

JSON