If a user is a member of more than one security group, the rights of each group is OR'ed together to determine the user's access rights. For example, if a user is a member of two groups and one of the groups has Write access for an object and the other Read access, the user will have Write access.

Object level permissions override group level permissions, which in turn override class level permissions.

To expand any folder, for example to list the computers in a group, you must have Read rights for that folder.

To create an object, you must have the Create rights on the object.If the created object should be placed in a folder, you must also have Read and Write rights for the folder.

The Paste and Link operations require Write rights on the current folder or object (for example, when pasting files and folders).

The Move operation requires Write rights on two folders or objects, both the source and destination.