Accelerator Security has been improved in version 6.2.0.0 to now support two different methods of handling multiple user groups for a single user. The two different methods are inclusive and exclusive security. By default the security mode is set to inclusive when working with multiple user groups. This configuration can be changed in the web.config appSettings in the Accelerator Services by setting the following key to false.
<!--Multiple User Group Security Option --> <add key="Framework.IsMultipleUserGroupSecurityInclusive" value="false" />
Inclusive (true): If the security mode is set to be inclusive this will mean that the user will have access if any of the enrolled usergroups have access to that object.
Exclusive (false): If the security mode is set to be exclusive this will mean that the user will have access to an object only if all of the enrolled usergroups have access to the object.
Previous to Accelerator 6.2.0.0
Previous to the Accelerator version 6.2.0.0 the multiple usergroup security did not work correctly. It would give you access to objects that were enrolled in the first added usergroup and then to all modules in any applications that were added to any additional enrolled usergroups.