I'm getting not authorized messages in the following scenario in UDB V8.2 running on a Unix server. UDB is using server authentication.
1) User A has primary group of REF and secondary group of DBA
2) User B has primary group of DBA and secondary group of REF
3) Group REF was granted only SELECT authority to a table and then group DBA was granted SELECT, INSERT, UPDATE and DELETE authority to the same table.
The result is, User A has SELECT authority only and User B has no access to the table. UDB appears to be using whatever authority was granted to the table first. I've reversed the order of the GRANTs on the table, and then the user with group REF had no access to the table and the user with group DBA has full access to the table.
I thought that UDB would merge the authority for the primary group with the secondary groups to determine if the group had authority to an object.