Access Control policies can be nested
including nesting DENY and ALLOW policies. This permits highly
granular control of access but exposes the user to unexpected access
even when DENY policies are in place. The SPM therefore warns users
whenever there is an ALLOW policies nested under a new DENY policy.