A security engineer is tasked with configuring account-based access control (ABAC) for an Amazon S3 bucket to ensure that only specific principals can upload objects. These principals already have general access to Amazon S3. The engineer sets up a bucket policy that permits object uploads only if the 'Team' tag on the object matches the 'Team' tag associated with the principal. However, during testing, it is observed that principals can still upload objects to the S3 bucket even when the 'Team' tag values do not match. Identify two factors that could be causing the PutObject operation to succeed under these mismatched tag conditions.