In Google Cloud Platform (GCP), resources are organized hierarchically using organization nodes, folders, and projects. Cloud Identity and Access Management (IAM) allows you to set policies at each of these levels. Considering this hierarchical structure, when different IAM policies are applied at these various levels, what determines the effective policy at a specific node within the hierarchy?