mmm ..
say theres a policy-child {resource: "CHILD", effect: "ALLOW"}
policy-parent {resource : "PARENT", effect: "DENY"}
Can i establish a relation between the 2 policies OR the 2 resources CHILD -- depends on -- > PARENT
Where in if the principal checks access to CHILD resource ... it is made to checks its access against the PARENT resource first.. if that is allow then it further checks access to CHILD ?
In the above case as the PARENT is denying access, when the principal tries to access CHILD .. it is denied access