Bird
0
0

An IAM policy attached to a user is not granting expected permissions. What is a common reason for this issue?

medium📝 Debug Q6 of 15
AWS - Identity and Access Management
An IAM policy attached to a user is not granting expected permissions. What is a common reason for this issue?
AThe user has no active AWS account
BThe user is not logged in to the AWS console
CThere is an explicit deny in another policy
DThe policy uses incorrect JSON syntax
Step-by-Step Solution
Solution:

  1. Step 1: Check for conflicting policies

    Explicit deny in any policy overrides allows and blocks permissions.

  2. Step 2: Understand impact on user permissions

    If another policy explicitly denies actions, the user cannot perform them even if allowed elsewhere.

  3. Final Answer:

    Explicit deny in another policy causes permission failure -> Option C

  4. Quick Check:

    Explicit deny blocks permissions [OK]
Quick Trick: Explicit deny blocks permissions even if allowed elsewhere [OK]
Common Mistakes:
MISTAKES
  • Assuming user login status affects policy evaluation
  • Ignoring explicit deny effects
  • Blaming JSON syntax without error messages

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS CLI - Installing AWS CLI - Quiz 5medium AWS CLI - CLI output formats (json, table, text) - Quiz 9hard EC2 Fundamentals - Elastic IP addresses - Quiz 8hard Identity and Access Management - IAM roles concept - Quiz 4medium Identity and Access Management - IAM policies (JSON structure) - Quiz 3easy Identity and Access Management - IAM policies (JSON structure) - Quiz 12easy Identity and Access Management - Assuming roles for temporary access - Quiz 4medium S3 Fundamentals - Creating S3 buckets - Quiz 14medium Security Groups and Network ACLs - Security group as virtual firewall - Quiz 6medium VPC Fundamentals - Creating a custom VPC - Quiz 6medium