AWS - Identity and Access Management
If a user has both an inline policy denying S3 delete and a managed policy allowing full S3 access, what is the effective permission for S3 delete?
If a user has both an inline policy denying S3 delete and a managed policy allowing full S3 access, what is the effective permission for S3 delete?
medium📝 service behavior Q4 of 15
Step-by-Step Solution
Solution:
Step 1: Understand AWS policy evaluation logic
Explicit deny in any policy overrides any allow permission.Step 2: Apply to inline and managed policies
Inline policy denies S3 delete explicitly, so delete is denied despite managed policy allowing it.Final Answer:
Denied, because explicit deny in inline policy takes precedence. -> Option DQuick Check:
Explicit deny overrides allow = A [OK]
Quick Trick: Explicit deny always wins over allow [OK]
Common Mistakes:
- Thinking managed policies override inline policies
- Assuming inline policies are ignored if managed exist
- Believing managed policies cannot grant delete
Master "Identity and Access Management" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes