# Authorization

![](https://gblobscdn.gitbook.com/assets%2F-MLbaDTwNMiD9O-pKq9y%2F-MLe9K3Icx5VyhDRpLNh%2F-MLmxxtlGsZfXAYlWAXY%2Fimage.png?alt=media\&token=9d33160c-7b93-49b3-a736-ded385331279)

* This is the **hierarchy for AWS effects:**
  * **Explicit deny is the most powerful and nothing can overrule this.**
  * **Explicit allow is the next most powerful effect** but this will only be allowed if you don't have an explicit deny.
  * If you have **none of these (no explicit deny and no explicit access), you have no access** because **by default, everything is denied** (unless you are a root user).<br>
* If there are a lot of policies and a lot of statements, **AWS will take them all into account and will just apply the same hierarchy as above, so if there is an explicit deny, you can't overrule that**, if you have an explicit allow, you are allowed and if there is no effect, you are denied by default.