There’s a question on permission settings among different usergroups. Hope someone can help on this.
For example, User A is in usergroup B and usergroup C. For usergroup B the VIEW permission is denied. For usergroup C the VIEW permission is allowed. The question is whether user A has the permission to view the page or not?
Assuming that the allow and deny are set at the same level (i.e. same page) then it looks like a tie, and http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module#HDefaultrightsbeingpredefined indicates that the tie resolution for view right is deny. So I think the user A doesn’t have the permission to view the page. But I’m not an expert. Just pointing out what the documentation says.
Yes, if the allow view for C group is done at a lower level than the deny view for group B (e.g. deny view for B at parent page level and allow view for C at page level). Otherwise, if allow view for C is at the same level with deny view for B then I don’t think it’s possible, unless you give group C administration rights maybe.