In any IT environment it is very important to understand how a distribution and security groups work. I have come across many employees with minimal knowledge on providing permissions to individuals and groups. I will just add very basic one liners about it in this blog.
* Permissions can be provided to any user or a security group to a Folder or SQL Server (I will use the work container).
* If permissions are provided to a Security group all the members of the security group gains access to the container.
* If Deny permissions are enabled for a user that takes precedence. Example, If I give access to a group X (Assume A is member of group X) and Denied permission to A, I permissions on given container will be denied.
* Security group membership is recursive. Example: if GroupC is member GroupB and GroupB member of GroupA adding permissions to GroupA results GroupC members to gain permissions.
* Distribution groups and Security groups are different. Distribution groups are used to send mails and security groups are for managing permissions. A group can be either a distribution group or a security group or mail enabled security group.
* For a windows folder, effective permissions for a given user can be validated: Folder properties -> Security -> Advanced -> Effective permissions -> Search user
* ActiveDirectoryHelper is a very helpful tool with GUI to understand users and group information in active directory.
Related: https://wordpress.com/post/vijredblog.wordpress.com/1404 (Command to find gorup members)