The Access Policy is just a collection of statements and parameters that may define access to specific types of website resources. However, it has no effect unless it is attached (assign) to somebody.
With the Advanced Access Manager plugin, you have the ability to assign a defined policy to any role, individual user, visitors and if you have Plus Package add-on installed, you can also attach it to everybody.
In the short video below, the policy is attached to the Moderator role and any user that belongs to this role will comply with this policy.
AAM also allows overriding (excluding) the attached access policy for any user, role or visitors that are in the lower hierarchical chain. For example, if you attach a policy to the Editor role, then all users that have this role will automatically have the policy applied, however, you can exclude any user by unchecking the attached policy.