Privileges are additive by design.
Let's say I as a user belong to 2 groups, foo1, foo2.
The admin has run the following SQL:
GRANT SELECT on table bar to `foo1`
This means that I'll be able to select from the table bar because there's a grant.
Let's say the admin runs the following SQL:
GRANT SELECT ON table bar to `foo2`
This means that I'll be able to select from the table bar because there's a grant (now 2 grants).
Now If I revoke the first grant to the first group
REVOKE SELECT ON table bar from `foo1`
I will still be able to query from the table bar, because the second grant is still there.
Where things get complicated is when you have dynamic views that depend on individual columns showing up based on group membership. This depends entirely on how the view is written and what the logical conditions are for case evaluation.
