The user may not have the appropriate AWS permissions to carry out the action in the policy.
When setting up a policy to follow the authorizer workflow, meaning it is not a fully automatic action, the Authorizer is sent to AWS to retrieve their secure access token. This token is a representation for CH to perform the action on behalf of that user. We are not using CloudHealth IAM policy to preform the action, we are using the user's IAM policy. In other words, if an action in a policy is configured for an authorizer to accept an action but that user account within AWS doesn't have access to the infrastructure the action is based on, the policy will not work as expected.
The On/Off button for actions in the setup does not have any function other then editing the generated policy to include the necessary permissions to accomplish the action fully auto.