If the same asset(s) have differing permissions across multiple policies, the most expansive permissions will take priority - except where Deny Access is enabled within a policy. In such a case, the latter will take priority.
Here are some examples:
| Expansive Permissions | Deny Access Permissions |
|
if Policy 1: Read Only access for assets A, B, and C and Policy 2: Read and Update access for assets B and C then assets A, B, and C will have Read and Update access. |
if Policy 1: Read Only access for assets A, B, and C and Policy 2: Read and Update access for assets B and C and Policy 3: Denies Read and Update access for assets C then assets A, B, and C will have neither Read nor Update access. |
