A policy is a template for a key and that key is what is used in the session. How a policy is chosen in the keys is determined by their partitions and the API being accessed. I have not tried but I assume you might get a weird behavior if you enable quota, acl and rate_limit for all the policies. Or it could just select one (probably the first) out of all the policies to enforce. Generally you want to abstain from setting a configuration that could cause unintended behaviors.