Autodesk Vault security model has two types of denied security, implicit and explicit denies. An implicit deny is when a user or group are not granted a specific permission in the security settings of an object, but they are not explicitly denied either. Granting permission to an object is done by the administrator adding the user or group to the object’s Access Control List (ACL) and selecting the Allow option for the Read, Modify or Delete permissions. If the administrator does not add the user or group to the object or doesn’t select the Allow or Deny options for any of the permissions, the user or group is implicitly denied the permission to the object. Using the implicit deny can be an advantage because you can add an individual to the object and allow them specific permissions if needed. For example, if you have the Management group with Read permission to a file but you want to allow one user in the Management group to Modify the file, you can add the individual user to the files permission and select the Allow option for the Modify permission. Using this method allows the individual user to modify the file even though the group they are in only has the Read permission. An implicit deny only denies a permission until the user or group is allowed to perform the permission.
The explicit deny is when the administrator has selected the Deny option for a permission for a user or group. This Deny takes precedence over all allowed settings. The administrator has explicitly set the permission, and there is no way around it. Only use the Deny option if you mean to deny the user or group at all cost. If the administrator has set the Deny Read option on an object for a group, all members of that group are not able to read the object. If the administrator adds a user and gives them the Allow Read permission, if that user is a member of that group, they still are not able to read the object.
Be careful setting the Deny on any object. It may work not as you intended.
Irvin Hayes Jr