Access privilege inheritance
Understanding how access privilege inheritance affects which content the users in an access group can work with helps you set up your groups and grant privileges effectively. The following illustration and scenarios explain how access privileges are passed from parents to categories and subcategories.
These scenarios explain which privileges are granted to users when multiple categories, content shared among categories, and membership in multiple groups that include common categories are involved. In general, a user's access to the content in a category is determined by the greatest of the access privileges granted by the access groups they belong to for the parent category. Here are some examples:
- A child subcategory inherits the parent privileges unless privileges are assigned to the child subcategory. In that case, the privilege assigned to the subcategory overrides the parent privilege. In the diagram above, users in the Children's Products access group have Write privileges to the Shirts and Shoes child subcategories, which are inherited from the parent Clothing category. Users have been granted Approve privileges to the items in the Pants subcategory, which overrides the Write privileges in the Clothing category.
- When an access group grants different privileges to two categories that share common content, the access group members have the greater of the privileges granted to both categories. In the diagram above, the Dolls and Books categories share the Barbie Book content item, but grant users different privileges to that content. The Dolls category grants Read access to the Barbie Book content item, and the Books category grants Write access. The greater of the Read and Write privileges is the Write privilege, so the members of the Children's Products access group have Write privileges to the Barbie Book.
- When a user is a member of two access groups that grant different privileges to the same category, the user has the greater of the privileges granted by the access groups for that category. For example, any user who is a member of the Children's Products and Toys access groups would have Write privileges to the Dolls category. A user who is a member of the Children's Products group only would have Read privileges to the content in that category.
- When a user is a member of two access groups that grant different privileges to different categories that share content, the user has the greater of the access privileges granted by the access groups for that content. For example, suppose that a user is a member of the Children's Products access group, which grants Approve access to the content in the Pants category. This user is also a member of the Toys access group, which grants Write access to the Toys category that is inherited by the Pants category. This user would have the greater access to the content items in the Pants category, which is Approve access.
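The resolution rules in the scenarios above can be expressed as a small resolver. This is an added example, not code from the product: the function names, the `NONE` level, the parent links for Dolls and Books, and the Rag Doll, T-Shirt and Jeans items are assumptions constructed for illustration.

```python
from enum import IntEnum

class Privilege(IntEnum):
    NONE = 0      # assumption: no grant found anywhere in the parent chain
    READ = 1
    WRITE = 2
    APPROVE = 3

# Constructed sample data. Parent links are assumed; the diagram is not reproduced here.
PARENT = {"Shirts": "Clothing", "Shoes": "Clothing", "Pants": "Clothing",
          "Clothing": None, "Dolls": None, "Books": None}

# Explicit grants per access group, taken from the scenarios in the text.
GRANTS = {
    "Children's Products": {"Clothing": Privilege.WRITE, "Pants": Privilege.APPROVE,
                            "Dolls": Privilege.READ, "Books": Privilege.WRITE},
    "Toys": {"Dolls": Privilege.WRITE},
}

# Content item -> categories that hold it (shared content appears in several).
CONTENT = {"Barbie Book": ["Dolls", "Books"], "Rag Doll": ["Dolls"],
           "T-Shirt": ["Shirts"], "Jeans": ["Pants"]}

def category_privilege(group, category):
    """Nearest explicit grant wins: a subcategory's own grant overrides the parent's."""
    grants = GRANTS.get(group, {})
    seen = set()  # guards against a cyclic parent chain in bad data
    while category is not None and category not in seen:
        if category in grants:
            return grants[category]
        seen.add(category)
        category = PARENT.get(category)
    return Privilege.NONE

def effective_privilege(user_groups, item):
    """Greatest privilege across all of the user's groups and all categories holding the item."""
    return max((category_privilege(g, c)
                for g in user_groups for c in CONTENT.get(item, [])),
               default=Privilege.NONE)

def audit(user_groups):
    """Effective privilege name for every content item, for access reviews."""
    return {item: effective_privilege(user_groups, item).name for item in CONTENT}

if __name__ == "__main__":
    print(audit(["Children's Products"]))
    print(audit(["Children's Products", "Toys"]))
```

Because the greatest grant wins across groups and across categories that share content, an access review has to evaluate all of a user's group memberships together rather than one group at a time.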
"Setting up access groups and user accounts" provides instructions for creating access groups.