users / groups top level security bo xi 3.1

hi,

currently I am setting up a new security in BO XI 3.1 SP 6. And there is something, which I do not understand.

The principal everyone are having for users / groups the following default values at the rights "delete objects" and "edit objects" denied for only this object (top level). The BO-group administrators have the full control right for users / groups (top level).

Now there are users, who are member of the everyone and administrators groups.

If I understand the BO documentation correctly, allowed by administrators group and denied by everyone group the result must be denied. But it is not?!

Where am I wrong?

I also have the same issue with custom groups and everyone.

Thanks for help in advance!

Mark