In an AWS Organizations setup, the root contains an OU named 'Environments', which in turn has two child OUs: 'Development' and 'Production'. All these OUs currently have the default FullAWSAccess policy. A DevOps engineer intends to remove the FullAWSAccess policy from the 'Development' OU and replace it with a policy that permits all actions exclusively on Amazon EC2 resources. What would be the resulting access control effect for users within the 'Development' OU after this policy change?