If, say as the root user, you attach a policy such as IAMReadOnlyAccess to a user, that user will only be able to read IAM resources. Any other access they attempt will be denied.
Example: you create a user group named developer and attach the policy AlexaForBusiness to it, and a user group admin with the policy AdministratorAccess. If you add a user, say ksama, to both groups and also attach a policy, say IAMReadOnlyAccess, directly to this user, then this user will have 3 permission policies attached.
Looking at some policies in detail:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:GenerateCredentialReport",
                "iam:GenerateServiceLastAccessedDetails",
                "iam:Get*",
                "iam:List*",
                "iam:SimulateCustomPolicy",
                "iam:SimulatePrincipalPolicy"
            ],
            "Resource": "*"
        }
    ]
}
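Added example (not from the original page): a simplified Python evaluator run over the two policy documents above, showing that attached policies combine as a union, so a user like ksama who holds both is not limited by the read-only one. The names ADMIN, IAM_READ_ONLY and is_allowed are hypothetical, and only Effect and Action are modelled.

```python
import re

# The two policy documents shown on this page.
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
IAM_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": [
        "iam:GenerateCredentialReport",
        "iam:GenerateServiceLastAccessedDetails",
        "iam:Get*", "iam:List*",
        "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy"],
     "Resource": "*"}]}


def _matches(pattern, action):
    """IAM-style match: '*' is any run of characters, '?' is one; case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def is_allowed(policies, action):
    """Simplified evaluation: explicit Deny wins, then any Allow, else implicit deny.

    Assumption: Resource is "*" in every statement (true for both policies above);
    Condition, NotAction, permission boundaries and SCPs are not modelled.
    """
    allowed = False
    for policy in policies:
        statements = policy["Statement"]
        if isinstance(statements, dict):
            statements = [statements]
        for stmt in statements:
            actions = stmt["Action"]
            if isinstance(actions, str):
                actions = [actions]
            if any(_matches(p, action) for p in actions):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


if __name__ == "__main__":
    for name, attached in [("IAMReadOnlyAccess only", [IAM_READ_ONLY]),
                           ("both policies", [ADMIN, IAM_READ_ONLY])]:
        for action in ["iam:ListUsers", "iam:CreateUser", "s3:GetObject"]:
            print(f"{name:24} {action:16} {is_allowed(attached, action)}")
```

When reviewing a user's effective access, evaluate every policy reaching them through groups and direct attachment together, since the broadest Allow decides the result unless an explicit Deny matches.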
Create Policy using Visual Editor or a JSON Editor