Rights may be assigned on a user, group or site wide basis. It is possible that a user, group and sitewide rights can all be in play, so it is important to understand which will take precedent. The hierarchy of which rights get assigned are as follows.
For any object within the site, the more specific the assignment the more likely it is to override other rights.
Site Wide - least specific. Only gets applied if no other rights are assigned to the object.
Group Rights - Less specific. Only get applied if a user isn't directly assigned to the object. If multiple groups are assigned to the object and the user belongs to multiple groups then the group rights are merged. For example Susan belongs to both the Management Group and also to the Publishers Group. If the Management Group has no publish rights, but the Publisher Group does have publish rights, Susan WILL have publish rights.
User Rights - Most specific. If a user is specifically assigned to an object it will override any other conflicting rights assigned to the object that relate to that user.
User > Group > Site
Lets look at Alice for a case example (see image below):
Alice belongs to the Media Group. However Alice is also specifically assigned to that object. Therefore her specific user rights are used and she cannot publish. Even though her group can, her user rights are more specific and therefore take precedent.
Lucy, on the other hand, is not specifically assigned to the object. Instead she is just associated to the Interns group and as such inherits the groups permissions.