{"id":"iam-resource-policy-user-arn-bypasses-boundary","text":"Resource-based policies granting access to an IAM user ARN (same account) are not limited by implicit denies in permissions boundaries; grants to a role ARN are limited, but grants to a role session ARN are not.","truth_value":"IN","source":"entries/2026/03/08/iam-permission-boundaries.md","source_url":"","source_hash":"33afa4424bf72145","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-resource-policy-user-arn-bypasses-boundary","truth_value":"IN","reason":"premise"}]}}