A user can be a member of one or more groups. The following table summarizes how the server handles access for a user that is a member of a single group. Access can be any of List, Read, Write, or Execute.

But what happens when the user is a member of more than one group? To determine the access setting for a user that is member of more than one group, Integration Server assigns different strengths to the settings. Specifically, Denied overrides Allowed, and Allowed overrides Not-specified.

For example, suppose user Smith is a member of three groups, and each group has a different List access to the FY2013 package, as shown below.

As a result of these settings, Smith is denied List access to the package because the Denied setting of the Support group overrides the other settings.