You played a lot with the rights 
allowing / denying
There are some things to know about the Right system:
-
You don’t need to explicitly set some rights, but you can rely on the default values. See the values at http://extensions.xwiki.org/xwiki/bin/view/Extension/Security%20Module#HDefaultrightsbeingpredefined or http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Permission%20types/ . The problem is that some are default on deny or default on allow and we don’t display this in the UI, so might be confusing.
-
Also there is a very important rule:
When a right has been allowed at a given level, it get explicitly denied to anyone else at the same level. For example, if edit right is allow at document level to userA only, it will be denied to any other userB, unless this userB receive an implied edit right with a different inheritance policy at a higher level (userB is admin for example)
read more about it at http://extensions.xwiki.org/xwiki/bin/view/Extension/Security%20Module#HDefaultrightsettleradditionalpolicies
Anyway, we want to improve the rights system. I’ve also made a proposal for a Rights checker and also to display the default and implicit rights. Read more about it at Rights Improvements
Unfortunately, not many people responded to it. So maybe the current rights system work or the provided solution is not good enough. Until there is more interest or funding for the feature I guess you need to read more and try to understand how rights work.