#allis a magic word that may be used on a policy to match all of the resources of that particular type
For example, on a service policy, I can include
#all as a service role to match all services, or
#all as an identity role to match all identities.
#all doesn’t make sense as a role attribute on a resource e.g. identity, service, or edge router; because it’s implied i.e. all resources match
#all when it is used on a policy, and adding
#all to a resource must not effect a grant for all policies of a particular type to that resource, correct? Therefore, adding
#all to a resource’s role attributes never has any effect.