Are permissions additive, selective or restrictive?

If a user account is present in 2 different groups that have different permissions on an asset, what access do they get?

E.g. user1 is in group1 and group2, group1 has "read" on asset1 and group2 has "write" on asset1.

For simplicity let's assume both groups are groups in a backend LDAP bridge.

If they're all "Allow" permissions, then additive. If there's a "Deny" permission in there then it gets a bit more complicated.

If there is a deny, it always takes precedence over allow.

Cheers guys.
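The rule given in the replies (allows from all groups add up, any deny wins), as an added example that is not part of the original thread and not the product's own code. The `Ace` type, `effective_permissions` function, group3 and user2 are hypothetical names, and the sample data is constructed from the question.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    group: str       # group the entry applies to
    asset: str
    permission: str  # e.g. "read", "write"
    effect: str      # "allow" or "deny"

# Constructed sample data: user1 matches the question; user2 and group3
# are added here to exercise the deny case.
MEMBERSHIPS = {"user1": {"group1", "group2"}, "user2": {"group2", "group3"}}
ACL = [
    Ace("group1", "asset1", "read", "allow"),
    Ace("group2", "asset1", "write", "allow"),
    Ace("group3", "asset1", "write", "deny"),
]

def effective_permissions(user, asset, memberships=MEMBERSHIPS, acl=ACL):
    """Return (granted, explanation) for user on asset.

    Allows from every group the user belongs to are unioned (additive);
    a matching deny removes that permission regardless of any allow.
    """
    groups = memberships.get(user, set())
    allowed, denied = {}, {}
    for ace in acl:
        if ace.asset != asset or ace.group not in groups:
            continue
        # Anything that is not an explicit "allow" is treated as a deny,
        # so a malformed entry fails closed.
        bucket = allowed if ace.effect == "allow" else denied
        bucket.setdefault(ace.permission, []).append(ace.group)
    granted = set(allowed) - set(denied)  # deny takes precedence
    explanation = {}
    for perm in sorted(set(allowed) | set(denied)):
        if perm in denied:
            explanation[perm] = "denied by " + ", ".join(sorted(denied[perm]))
        else:
            explanation[perm] = "allowed by " + ", ".join(sorted(allowed[perm]))
    return granted, explanation

if __name__ == "__main__":
    for user in ("user1", "user2"):
        print(user, *effective_permissions(user, "asset1"))
```

The explanation map records which group produced each decision, which is useful when auditing why a user in several groups ended up with a given level of access.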