Regarding permissions of groups and users, have in mind that there are two ways to grant or deny a permission to an user: through a group membership (recommended), or directly.

Assigning permissions to an user through a group membership

It is the recommended way of assigning permissions: all the members of the group inherit the same permissions. Should you need to add more permissions or change the existing ones, you do it in a single step and it affects all the group members.

Have in mind that many users will be members of more groups.

Normally, the permissions inherited from all the groups where an user is member of, are summed up. For example, the Everyone group gives to their members the permission to View content of some folders, while the Editors group gives the permission to edit content in those folders. A user that is member of both groups will have View and Edit permission on those folders.

If a permission is undefined in one group, but granted in other group, it is granted.

If a permission is undefined in one group, but denied in other group, it is denied.

If the permissions are opposite, e.g. the Administrators group grants the View permission, and the Everyone group denies it, the outcome depends on the order in which the groups are listed in the user editing dialog box. On the following screenshot, the Administrators group is above Everyone group - therefore, the View permission will be granted. Should you move the Administrator group below Everyone, the View permission will be then denied.

Assigning permissions to an user directly

It is a way to override the inherited groups permissions, as the user permissions assigned directly have a priority over the permissions, inherited from groups.

However, it is recommended to do it only as an exception.