A security engineer initially sets an Amazon S3 bucket policy to deny access to all users. Subsequently, the engineer modifies the policy to grant read-only access to a specific employee. Despite the update, the employee continues to encounter an 'access denied' error. What is the most probable cause of this persistent access denial?