If a user belongs to multiple permission groups, which permissions/roles are applied?
The following rules determine which permission takes precedence:
Rule 1: Lower Hierarchy Takes Precedence
If permissions apply to resources at different hierarchical levels, the permission for the lower (more specific) hierarchical level takes precedence.
Rule 2: Broader Permission Takes Precedence
If permissions apply to resources at the same hierarchical level, the broader permission takes precedence.
Example 1: Rule 1 in Action
Consider the following program and project hierarchy:
-
Program X
-
Project Y
-
Project Z
-
If you belong to both Permission Group A and Permission Group B:
-
Permission Group A: Edit permission for Program X
-
Permission Group B: View permission for Project Y
According to Rule 1, the permission from Permission Group B will apply, allowing you to view Project Y.
Example 2: Rule 2 in Action
Consider the following program and project hierarchy:
-
Program X
-
Project Y
-
Project Z
-
If you belong to both Permission Group A and Permission Group B:
-
Permission Group A: Edit permission for Project Y
-
Permission Group B: View permission for Project Y
According to Rule 2, the permission from Permission Group A will apply, allowing you to edit Project Y.