An IAM user encounters an 'Access Denied' error when trying to access objects in an Amazon S3 bucket within the same AWS account. The S3 bucket employs server-side encryption with AWS KMS keys (SSE-KMS) for all its objects at rest, utilizing a customer managed key from the same account. There is no bucket policy in place for the S3 bucket. The IAM user has been granted permissions via an IAM policy that includes kms:Decrypt for the customer managed key, as well as s3:List* and s3:Get* permissions for the S3 bucket and its objects. What might be the underlying cause preventing the IAM user from accessing the objects in the S3 bucket?