Assignment

A user is considered to be assigned to a role if:

  1. The user is:
    • listed as a user to be included in the role, or
    • a member of a group that is listed to be included in the role.
  2. The user is not:
    • listed as a user to exclude from the role, or
    • a member of a group that is listed to be excluded from the role.

Exclusions take priority over inclusions.