ACL inheritance not working as documented if user is member of multiple groups and one of them is read disabled #1212
Description
Hi,
we have Nextcloud 20.0.4 with group folders 8.2.0 running for the local fire department. There is a problem if a user belongs to multiple groups and one of these groups is read disabled for a folder.
It seems that if a user is denied read access through membership of a group with a direct ACL setting on one folder, the user is still denied even though they are also a member of another group whose allow is inherited - this is wrong!
Going by the manual, unset rights are always inherited from the parent folder, and allow overrules deny. But this is not working in our case!
We did a tryout scenario with reduced users and groups - you will find all the information attached as screenshots.
- create test users and groups (OK -> see screenshot below)
- create groupfolder (OK -> see screenshot below)
- create ACL with occ (OK -> see screenshot below)
- check ACL in UI as admin (OK -> see screenshot below)
- login as test users and check visibility of folders and subfolders (ERROR -> see screenshot below)
Here you can see the ACL for the folders when logged in as admin - this is similar to the OCC settings:
Here you can see the UI when logged in as test_manager with the missing folder:
I hope to get feedback soon!
Greets Thorsten
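
The rule this report cites from the manual (unset rights inherit from the parent folder, and allow overrules deny across a user's groups) can be written down as a small model. This is an added example, not part of the original report and not the Group folders code; the folder paths, group names, and the `allow_wins` switch are constructed for illustration.

```python
from posixpath import dirname

# Constructed rules: folder path -> {group: True (allow read) / False (deny read)}.
# A group with no entry on a folder is "unset" and inherits from the parent folder.
RULES = {
    "/": {"staff": True, "managers": True},
    "/reports": {"staff": False},  # direct deny for one group only
}


def group_read(rules, path, group):
    """Resolve one group's read bit: nearest explicit rule walking up to the root."""
    while True:
        setting = rules.get(path, {}).get(group)
        if setting is not None:
            return setting
        if path == "/":
            return None  # never set anywhere on the path
        path = dirname(path)


def user_can_read(rules, path, groups, allow_wins=True):
    """Merge the per-group results for a user who is in several groups.

    allow_wins=True is the rule as the report quotes it from the manual.
    allow_wins=False is a deny-wins merge; it reproduces the symptom in the
    report, but the page does not establish that the app works this way.
    """
    resolved = [r for r in (group_read(rules, path, g) for g in groups)
                if r is not None]
    if not resolved:
        return True  # assumption: with no rule at all, the base permission applies
    return any(resolved) if allow_wins else all(resolved)


if __name__ == "__main__":
    both = ["staff", "managers"]
    for folder in ("/reports", "/reports/2020"):
        print(folder,
              "documented:", user_can_read(RULES, folder, both),
              "deny-wins:", user_can_read(RULES, folder, both, allow_wins=False))
```

Running the same rule set through both merges is a quick way to state the expected versus observed visibility for each test user when comparing against the `occ` ACL listing.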