{"id":"policy-governance-enforcement-model","text":"Azure Policy operates as an explicit deny system with cumulative most-restrictive evaluation — when multiple policies overlap, the strictest wins — orthogonal to RBAC, which evaluates user actions rather than resource state, making Policy the resource-centric complement to RBAC's identity-centric access control.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"policy-governance-enforcement-model","truth_value":"IN","reason":"premise"}]}}