{"id":"iam-policy-evaluation-layered-fail-closed-deny","text":"IAM policy evaluation is a layered system with fail-closed deny semantics: deny policies trigger on unevaluable conditions, conditional allow bindings never override unconditional bindings for the same role, and all policies inherit top-down through the org/folder/project/resource hierarchy.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-policy-evaluation-layered-fail-closed-deny","truth_value":"IN","reason":"premise"}]}}