According to this: https://medium.com/@bekahlundy/google-cloud-platform-fundamentals-for-aws-professionals-week-2-bbee857472f5

Policies are a union of those applied on the resource itself and those inherited from higher levels in the hierarchy. If a parent policy is less restrictive, it overrides a more restrictive policy applied on the resource. If a parent policy is more restrictive, it does not override a less restrictive policy applied on the resource. Therefore, access granted at a higher level in the hierarchy cannot be taken away by policies applied at a lower level in the hierarchy.

But according to the diagram here: https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy

The parent allows red+green, the child denies green, and the result is red?
Seems to conflict. Appreciate any input. Thanks!
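
The two rules quoted in the post, modelled side by side as an added example (not part of the original post or of either linked page). It assumes the first link describes IAM allow policies and the second describes Organization Policy list constraints with inheritance enabled; the hierarchy, members and colour values are constructed, and no Google Cloud API is called.

```python
# Constructed hierarchy, child -> parent (names are hypothetical).
PARENT = {"project-a": "folder-x", "folder-x": "org", "org": None}

def ancestry(node):
    """Yield the node, then each ancestor up to the root."""
    while node is not None:
        yield node
        node = PARENT[node]

def effective_iam(node, bindings):
    """First quote: the effective allow policy is the union of the bindings
    set on the node and on every ancestor. No level can subtract a grant."""
    grants = set()
    for n in ancestry(node):
        grants |= bindings.get(n, set())
    return grants

def effective_list_constraint(node, policies):
    """Diagram in the second link: walk from root to node, merge allowed and
    denied values while a policy inherits from its parent, start over when
    it does not, and let a denied value win over an allowed one."""
    allowed, denied = set(), set()
    for n in reversed(list(ancestry(node))):
        policy = policies.get(n)
        if policy is None:
            continue  # nothing set here: the inherited result passes through
        if not policy.get("inherit", False):
            allowed, denied = set(), set()  # this policy replaces the parent's
        allowed |= policy.get("allow", set())
        denied |= policy.get("deny", set())
    return allowed - denied

# Constructed sample data.
IAM_BINDINGS = {
    "org": {("alice@example.com", "roles/storage.objectViewer")},
    "project-a": {("bob@example.com", "roles/storage.objectViewer")},
}
ORG_POLICIES = {
    "org": {"allow": {"red", "green"}},
    "project-a": {"inherit": True, "deny": {"green"}},
}

if __name__ == "__main__":
    print(sorted(effective_iam("project-a", IAM_BINDINGS)))
    print(sorted(effective_list_constraint("project-a", ORG_POLICIES)))
```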