Groups can be defined as an easy way to set access rights for multiple users. Groups can have individual folder rights but do not have default rights. A user can belong to multiple groups as well as have individual folder rights.
If only group access rights exist, the most permissive group takes precedence. For example, if Group A allows R C at root and Group B allows R at $/foo/bar, then group A’s access rights take precedence at $/foo/bar.
However, a single group’s access rights can be restricted by multiple rights assignments. For example, if Group A has R C A at root AND R at $/foo/bar and Group B has RC at $/foo/bar, it is Group B’s RC that takes precedence, because Group A’s R rights permission overrides its RCA at $/foo/bar. As the example shows, a group’s rights assignment closest to the folder in question take precedence over other rights assignments of that group further away.
User vs Group Rights
· User access rights always take precedence over group access rights regardless of where in the tree the group rights are applied. For example, a user access right at root takes precedence over a group access right on the folder itself.
· Inherited group access rights take precedence over user default access rights. The only time default rights are used is when there are no rights assignments at all for a user or any groups they belong to from root down to the folder in question.