When multiple policies have overlapping assets, which permissions take priority?

Have more questions? Submit a request

If the same asset(s) have differing permissions across multiple policies, the most expansive permissions will take priority - except where Deny Access is enabled within a policy. In such a case, the latter will take priority.

Here are some examples:

Expansive Permissions Deny Access Permissions

if Policy 1: Read Only access for assets A, B, and C

and Policy 2: Read and Update access for assets B and C

then assets A, B, and C will have Read and Update access. 

if Policy 1: Read Only access for assets A, B, and C

and Policy 2: Read and Update access for assets B and C

and Policy 3: Denies Read and Update access for assets C

then assets A, B, and C will have neither Read nor Update access. 

 

Related articles

Was this article helpful?
0 out of 0 found this helpful