The root user may be designated as principal in a resource-based policy or an Access List. Root user is also member of an account. If that account is a member of the organization in AWS Organizations, the root user is affected by any SCPs tied to the account.