12-15-2017 02:15 AM
12-15-2017 02:31 AM
First of all, start with a high-level "deny" on the resources. Ideally, you use the SASUSERS and PUBLIC groups for this.
Then you allow the groups A and B for their respective resources.
You can now contemplate to either assign the one "A" user to group B also, or "allow" that one user access to selective resources of B.