Thanks for getting in touch! Permissions are accumulative, so they'll have every permission that's assigned to each individual role belonging to the team they're a part of. If they have sysadmin permissions, they won't have any limitations to their privileges regardless of what other roles they have. Feel free to expand on what you're trying to achieve with this user's permissions, and I'll be happy to help you find the best possible solution. As an example, if you're wanting to limit users based on environment, we have a doc page on setting that up. https://octopus.com/docs/administration/managing-users-and-teams/cr...
You can also test individual users' permissions in the web portal under Configuration > Test Permissions to see each and every permission they have.
I hope this helps for the time being! Don't hesitate to reach out if you have any further questions going forward.
Thanks, I had a scenario where user had sysadmin access restricted to the Project Group, But could not edit some variables for their Projects. User also was part of another team where it is only project viewer access provided, So got this query like, is it Cumulative or delta.
Since it is cumulative, let me browse more and see what restricts the user.