I work for a large medical organization and am beginning to run into a few problems with securing server shares with AD security groups and roles. For instance, I've got a large pool of registered nurses, I've bundled them into a role RN. These RN's need to have access to many different shares so this works well. However, within the role of RN are a number of nurses who are considered charge nurses. I recently have been asked to allow all RN's -R access to a share that charge nurses need to have -M access to. It is my understand that if I put the charge nurses in the -M group, it will be overruled by the fact that these nurses are in the RN role group configured on the -R group? Is my thinking correct here? To remove these 6 charge nurses from the RN role would prevent them access to all the other shares RN's need to have access to without readdressing secuity on every and add an adddition role of Charge Nurse..Any advice would be greatly appreciated.