Why auth/approle/login policy?

in all documentation we found around approle we found the following policy entry:

# Login with AppRole
path "auth/approle/login" {
  capabilities = [ "create", "read" ]

Could someone please shade some light what this policy does?
Because one can login without this policy…

ref: https://learn.hashicorp.com/vault/identity-access-management/iam-authentication

You’re totally right, the policy you’re mentioning isn’t necessary to authenticate to Vault using AppRole, more generally login operation is by definition an un-authenticated Vault operation, which in itself isn’t associated to a policy.

– Sebastien Braun