Policy with * - user level

Let’s assume i am a vault user and i am the owner of my application namespace. If i create a policy with *, what is the maximum access I can get ?

Audit would like to know, if an user create a * policy how does that stop him/her from accessing the system level policies or root policies. I am certain that it restricts only to the namespace they are authorized to, and vault has an “implicit deny” permissions, but what does the backend technical configurations to this ?

Thanks in Advance

All policy paths defined within namespaces, are relative to the namespace in which they are defined. So * within a namespace is effectively the-namespace-name/*.

@jeffsanicola has this readme page which makes it clearer: