Observed that $USER placeholder is not enforced while using it in either in KEY value or User's value in Policy Item.
volume - test-volume
bucket - test-bucket
key - user/$USER, user/$USER/*
2. Policy Item:
Any user should be able to create user home directory
The user is denied permission to create key.
[root@quasar-tyedwn-1 keytabs]# ozone fs -mkdir -p o3fs://test-bucket.test-volume.ozone1/user/hrt_1
mkdir: User hrt_1@AD.HALXG.CLOUDERA.COM doesn't have CREATE permission to access key