conflicting File permissions created by Group membership a..

Archived from groups: microsoft.public.win2000.file_system (More info?)

I want to setup a folder area for my users to share files. I have read up on
NTFS security and am finding it difficult to resolve the effective rights
when a user is a member of 2 or more groups that have different folder
security for the same folder.

The setup is like this:

\\server\share - share point
domain users have full control at the share level, (instead of the default
group - everyone)
a group called SHARED at this level grants read only access rights to this
folder and all subfolders

\\server\share\accounting
a group called ACCOUNTING has modify rights at this level and its members
are also members of the SHARED users group with only has read only access
rights as derived from the inherited rights from the \\server\share folder.

There are many other folders off of the \\server\share folder that we would
like the members of the ACCOUNTING group to be able to read as well, hence
the membership in the SHARE group.

What are the effective rights of the members of the ACCOUNTING group in
\\server\share\accounting ?
Are they only "read only" based on the most restrictive access rights of
both groups ?
or
Are they "modify" based on the most lenient access rights of the two groups
they belong to ?

Is there a technical document that explains this and any other relavent
material ?

Thank you for your assistance,

Ken