Once marks are applied to content then users can only see that content if they have the required security clearance.
When security groups are created there are three different clearance types available, and each one controls how the user sees content, see How security controls work.
Users with SkyVault Administrator permissions can set and edit the security clearance of users and user groups.
When assigning marks to users or user groups, marks that are inherited from another group aren't shown. Only marks that are assigned directly to this user / group are displayed. If a user (or group) has inherited security marks from a group, then these are added to their directly assigned marks.
Hierarchy based security clearance
For hierarchy based security groups such as the prefined Classification group, a user who is assigned one mark and inherits another has the clearance of the higher of the two. For example, a user who has Confidential clearance directly assigned, and has inherited Top Secret clearance from a group, will have Top Secret Clearance.
Non-hierarchy based security clearance
For non-hierarchy based security groups the security marks are added together, so that a user who is directly assigned the UK mark, and inherits the US mark from a group, will have clearance for both UK and US marked files.