Effect

Effect is a required element of every policy statement. It specifies whether the statement allows (Allow) or explicitly denies (Deny) the listed operations. Note: Deny has a higher priority than Allow. When an identity has a Deny permission for some operations, an Allow permission granted for the same operations does not take effect. To permit them, you need to remove the corresponding Deny statement or change it to Allow. For example, the following policy still results in denial:

{ 
  "Statement": [ 
    { 
      "Effect": "Deny", 
      "Action": [ 
        "vpc:TagResources" 
      ], 
      "Resource": [ 
        "*" 
      ] 
    }, 
    { 
      "Effect": "Allow", 
      "Action": [ 
        "vpc:TagResources" 
      ], 
      "Resource": [ 
        "*" 
      ] 
    } 
  ] 
}

When an identity is assigned the following two policies, the final result is still denial.

  • Policy 1:
{ 
  "Statement": [ 
    { 
      "Effect": "Deny", 
      "Action": [ 
        "vpc:TagResources" 
      ], 
      "Resource": [ 
        "*" 
      ] 
    } 
  ] 
}
  • Policy 2:
{ 
  "Statement": [ 
    { 
      "Effect": "Allow", 
      "Action": [ 
        "vpc:TagResources" 
      ], 
      "Resource": [ 
        "*" 
      ] 
    } 
  ] 
}
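
The precedence rule above as a small evaluator, added here as an example (it is not the service's own code). It assumes Action and Resource match only exactly or through a lone "*", and that a request no statement matches is not granted; the function names and the sample resource name are hypothetical.

```python
def _matches(patterns, value):
    # Assumption: a pattern matches if it is "*" or equals the value exactly.
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(p == "*" or p == value for p in patterns)


def evaluate(policies, action, resource):
    """Evaluate every statement of every policy attached to an identity.

    Returns (decision, deciding), where deciding lists the
    (policy_name, statement_index) pairs that produced the decision.
    """
    allows, denies = [], []
    for name, policy in policies.items():
        for index, stmt in enumerate(policy["Statement"]):
            effect = stmt["Effect"]
            if effect not in ("Allow", "Deny"):
                raise ValueError(f"{name}[{index}]: invalid Effect {effect!r}")
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                (denies if effect == "Deny" else allows).append((name, index))
    if denies:  # any matching Deny wins, regardless of order or policy
        return "Deny", denies
    if allows:
        return "Allow", allows
    return "ImplicitDeny", []  # assumption: nothing matched, so not granted


def _stmt(effect):
    return {"Effect": effect, "Action": ["vpc:TagResources"], "Resource": ["*"]}


# The page's policies, rebuilt as Python dicts.
COMBINED = {"Statement": [_stmt("Deny"), _stmt("Allow")]}
POLICY_1 = {"Statement": [_stmt("Deny")]}
POLICY_2 = {"Statement": [_stmt("Allow")]}

if __name__ == "__main__":
    request = ("vpc:TagResources", "example-resource")  # constructed resource name
    print(evaluate({"combined": COMBINED}, *request))
    print(evaluate({"Policy 1": POLICY_1, "Policy 2": POLICY_2}, *request))
    print(evaluate({"Policy 2": POLICY_2}, *request))
```

The second element of the result names the Deny statements that must be removed or changed before the Allow can take effect.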
Last updated: 2025.06.23 19:21:31