Let’s say for example you want to allow a user in an alternate account to access an S3 bucket in this account. How would you go about providing this access? Well you have two options. Firstly, you can create an IAM role on this alternative account this act as a sort of proxy. The permissions provided via this IAM role will overwrite the current permissions on your account and you will simply have all the permissions defined by that role until that role is revoked.
On the other hand, if you utilize a resource-based policy, such as a S3 bucket policy. That bucket policy will directly allow access for that user and there is no need to utilize an IAM role as a proxy as that user will have direct access. The permissions on you account will not be overwritten either, those will be maintained and the access will simply be defined by the resource-based policy.