In a larger environment, or more-so an environment which is quiet old, security groups fester. It’s just a fact of life.
You add a user to a few groups, they suddenly have access to a published app. You remove the obvious culprit, but they still have access.
Manually, it would take you months or years to find the sneaky group link. Until now.
What it looks like:
So in the above example, “Test Group 1” has been configured for our published resource (app/desktop). However, there are several layers of nesting, and our test user will get access even though they’re a member of “Test Group 3”.