A policy that grants all permissions may indicate an improper access control, which violates https://en.wikipedia.org/wiki/Principle_of_least_privilege[the principle of least privilege]. Suppose an identity is granted full permissions to a resource even though it only requires read permission to work as expected. In this case, an unintentional overwriting of resources may occur and therefore result in loss of information.