Last updated：2021-10-29 17:57:34
This topic describes the permission evaluation logic of IAM.
IAM evaluates all policies attached to an IAM user based on the default/implicit deny rule and determines whether a request of an IAM user is allowed as follows:
That is, a request that is explicitly denied in a policy will be denied even though it is explicitly allowed in another policy. If a request is not explicitly allowed in any policy, the request is implicitly denied by default.