In an AWS Organization with Service Control Policies (SCPs), the root SCP is configured as follows: The company's developers, who are part of a group with an IAM policy allowing all actions on Amazon Simple Email Service (Amazon SES) via ses:* actions, are experiencing authorization errors when attempting to access Amazon SES through the AWS Management Console. The developers' account is a child of an Organizational Unit (OU) that permits Amazon SES actions. What modification should a security engineer make to enable the developers to access Amazon SES?