Relation between AccessGroup and AccessControl settings

Hi
I have a question wrt to Access Groups and the Access Control settings of a project area:
Can an Access group be used to provide read access to user X to certain artefacts of a project area even if the user X would not see the project according to the Access Control settings?
Or do Access Groups always even further restrict the read access to project area artefacts compared to the Access Control settings of the project area.
One answer

Marko,
Comments

This is not how this is documented to work. I have filed defect: https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/425645

Hi Geoff,

Please note, that the current behavior is actually helping. If it was not for the current behavior we observed, it would be impossible to be able to check who has access to what, without iterating everything.

How is the current behavior necessary to determine who has access to what?

So everyone has access and you have to iterate the whole database of items owned by the project area (including each and every of the million SCM objects) and look at the access context to determine who actually has access?